Github Custom
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward GitHub CLI helper with no executable code, install hooks, persistence, or hidden behavior found.
Install this only if you are comfortable letting the agent use your configured GitHub CLI context. Confirm the active `gh` account and scopes, prefer explicit `--repo owner/repo` targets, and review any command that would modify issues, pull requests, workflow runs, or repository data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.