Baoyu Electron Extract

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill transparently extracts Electron app bundles to local files, which is sensitive but aligned with its stated purpose.

Install this only if you intentionally want to inspect or extract Electron applications. Use --dry-run when selecting an app, review the output directory before running, and treat extracted files as sensitive because they may include proprietary code, embedded configuration, or secrets. Be careful with --force because it allows writing into an existing non-empty output directory.

SkillSpector (2)

By NVIDIA

Vague Triggers

Medium, 72% confidence

Finding: The trigger phrases are broad enough to match ordinary discussion about how an Electron app works, which can cause the extraction workflow to run when the user only intended a conceptual conversation. Because this skill writes extracted application resources and code to disk, accidental invocation can lead to unnecessary handling of proprietary or sensitive application content.

Missing User Warnings

Medium, 85% confidence

Finding: The description emphasizes convenience but does not clearly warn that the skill copies and restores potentially sensitive or proprietary application code, resources, and source-mapped content onto local disk. Users may not realize that using the skill can create durable artifacts containing confidential code or embedded secrets from installed applications.

Static analysis

Dangerous exec

Critical

Finding: Shell command execution detected (child_process).

VirusTotal

66/66 vendors flagged this skill as clean.
