Repo Explorer

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Gitee repository exploration helper with broad activation wording but no evidence of hidden or destructive behavior.

Install this only if you want the agent to analyze Gitee repositories through a trusted Gitee MCP server. Be careful with private repositories, since files the configured account can access may be read into the assistant context; verify any optional mcporter binary separately.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description contains very broad trigger phrases such as 'get familiar with a project' and 'what does this repository do', which can match many ordinary repository-related requests. In an agent system, overly broad activation criteria can cause this skill to be selected unexpectedly, leading to unnecessary repository access and tool use when a narrower or safer skill would be more appropriate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal