GitHub Trending Feed

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public GitHub Trending repository data and prints JSON, with no local data access, credential use, persistence, or account-changing behavior found.

Install only if you are comfortable with the skill making unauthenticated requests to GitHub. Treat results as best-effort: if scraping fails it may return fallback repositories, and the language-filter option may not work as described.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill clearly requires outbound network access to fetch GitHub Trending data and call the GitHub REST API, but it does not declare any permissions. Undeclared network capability weakens review and enforcement because operators may approve or run the skill without understanding its true access needs, increasing the chance of unauthorized external communication.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 81% confidence
Finding: The description says the skill fetches GitHub Trending repositories, but the workflow also performs additional GitHub REST API calls for each repository to collect more details. This behavior gap matters because extra API calls expand network activity, data flow, rate-limit exposure, and operational risk beyond what a reviewer or user would reasonably infer from the declared purpose.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal