Github Local
Security checks across malware telemetry and agentic risk
Overview
This is a simple GitHub CLI helper skill with no executable code, installer, persistence, or hidden behavior.
Install this if you want the agent to use your local `gh` CLI. Before use, check which GitHub account and token scopes `gh` is authenticated with, and require confirmation for commands that merge, close, comment, rerun, cancel, delete, or otherwise change repository or account state.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.