Back to skill

Security audit

Lingxi · Webhook Dispatcher with GitHub API Fallback

Security checks across malware telemetry and agentic risk

Overview

This skill is understandable in purpose, but it gives agents broad automatic authority to change GitHub repositories through API fallback without enough scoping or user confirmation.

Install only if you are comfortable letting an agent use a tightly scoped GitHub token to write repository contents through the API. Configure explicit repo, branch, and path limits, require confirmation before fallback or fan-out uploads, and disable or restrict alert webhooks unless you know exactly what metadata they send.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises automatic fallback behavior that uploads files directly to the GitHub Contents API after a push failure, but it does not clearly warn users that repository contents may be modified outside normal git workflows and potentially across multiple repositories. This can lead to unintended writes, bypass expected review or branch protections in some setups, and surprise operators during failure handling.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The configuration includes an external alert webhook but does not warn that failure details, repository identifiers, or other operational metadata may be transmitted to a third-party endpoint. In security-sensitive environments, silent exfiltration of metadata to external services can violate data-handling expectations and expose internal workflow information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.