Security audit

Changelog Generator / Changelog 生成

Security checks across malware telemetry and agentic risk

Overview

The skill appears non-destructive, but it advertises changelog automation while providing only placeholder commands and unrelated promotional links.

Review before installing. The artifact does not show malware-like behavior, but it also does not provide the advertised changelog generator and includes unrelated promotions. Prefer a version that documents exactly what git data it reads, what files it creates or modifies, and how users control output paths before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill advertises automated changelog generation from git history, but the content contains no actual implementation or instructions for accessing git history and instead includes marketing and affiliate material. This is dangerous because it misrepresents the skill's purpose, can mislead users or downstream agents into invoking an untrusted or non-functional capability, and suggests the package may be serving promotional goals rather than its declared function.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The 'How It Works' section implies a functional automation workflow, but the commands only check for binaries and print static status messages. This is dangerous because it creates deceptive operational expectations, which can cause users or orchestration systems to trust a capability that does not exist and obscure what actions the skill really performs.

Context-Inappropriate Capability

Low
Confidence: 92%
Finding
The skill embeds unrelated upgrade pitches and affiliate links that have no legitimate role in changelog generation. This is dangerous because agent skills are expected to be task-focused; inserting promotional content creates a trust-boundary violation and can be used to monetize or redirect users under the guise of tooling.

Vague Triggers

Medium
Confidence: 84%
Finding
The description is broad and underspecified, with no activation constraints, scope limits, or conditions for when the skill should operate. This is dangerous in agent environments because vague capability descriptions increase the chance of inappropriate invocation, over-broad repository access assumptions, and misuse in contexts the author did not define.

Missing User Warnings

Low
Confidence: 80%
Finding
The skill claims to generate changelogs from git history but does not disclose that this implies reading repository metadata and potentially writing generated output files. This omission is dangerous because users and agents are not informed about data access and side effects, weakening informed consent and safe execution controls.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.