Security audit

GitLab Batch Cloner

Security checks across malware telemetry and agentic risk

Overview

The skill matches its GitLab cloning purpose, but it under-discloses unsafe GitLab token handling and disables TLS verification while using that token.

Review or modify the script before installing. Use a least-privilege read-only GitLab token, run it in a controlled environment, avoid passing secrets in command-line URLs, re-enable TLS verification or configure a trusted internal CA, and preinstall pinned dependencies instead of allowing runtime pip installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"""Clone a project via HTTPS with embedded token, then strip token from remote.
    Uses start_new_session + process-group kill to avoid orphan git processes."""
    url_with_token = http_url.replace("https://", f"https://oauth2:{token}@")
    proc = subprocess.Popen(
        ["git", "clone", "--quiet", url_with_token, target_dir],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
Confidence
95% confidence
Finding
proc = subprocess.Popen( ["git", "clone", "--quiet", url_with_token, target_dir], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, start_new_sessi

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from openpyxl.styles import Font, Alignment, Border, Side
except ImportError:
    print("[setup] Installing openpyxl ...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "openpyxl", "-q"])
    import openpyxl
    from openpyxl.styles import Font, Alignment, Border, Side
Confidence
90% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "openpyxl", "-q"])

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Bootstrapping dependencies by invoking pip is outside the minimum necessary behavior for cloning and indexing GitLab repositories. This introduces avoidable arbitrary code execution from package installation at runtime, making the environment more exposed than the skill's stated purpose requires.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script reads a sensitive GitLab token from the environment and then uses it for authenticated API calls and clone operations, including embedding it in clone URLs elsewhere in the file. In this skill context, handling a PAT is expected, but the lack of safer credential handling and explicit safeguards increases the chance of token leakage and broad repository compromise.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.