
Security audit

Lingxi · Daily Ops Automation

Security checks across malware telemetry and agentic risk

Overview

The skill openly automates GitHub and social activity, but it asks for broad account access and scheduled public actions without enough safeguards.

Review carefully before installing. Use only fine-grained, least-privilege GitHub tokens, store secrets outside committed files, and do not enable schedules until you have confirmed exactly which repos, comments, issue updates, and social channels it can affect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill advertises automation that performs external actions on GitHub and social platforms, including starring repositories, posting comments, reviewing or updating trackers, and social publishing, but it does not prominently warn users that these actions may occur automatically under scheduled execution. This creates a real risk of unintended account activity, spammy behavior, policy violations, and reputational damage because users may install or trigger the skill without fully appreciating that it will act on their behalf against third-party services.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The configuration example instructs users to place a GitHub token directly into a local JSON file without any caution about secure storage, least-privilege scoping, file permissions, or avoiding accidental commits and logs. Because the skill also automates outbound GitHub actions, compromise or mishandling of this credential could let an attacker or misconfigured workflow act as the user, modify repositories, or abuse the account at scale.

VirusTotal

VirusTotal findings are pending for this skill version.


Static analysis

No suspicious patterns detected.