GitHub Issue Finder

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward GitHub issue discovery and analysis helper, with expected GitHub CLI use and no hidden or destructive behavior found.

Install this if you are comfortable letting an agent use your local GitHub CLI to query issues, repositories, pull requests, and project metadata. Confirm the intended GitHub account and repository scope first, and require explicit approval before the agent posts comments, creates branches, pushes code, or opens pull requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill instructs the agent to use shell commands and a Python script, and references writing an output report, but the skill metadata declares no permissions. This mismatch is dangerous because an agent or runner may execute capabilities the user did not explicitly approve, including repository inspection, local filesystem access, and file creation/modification during analysis workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal