Back to skill

Security audit

Wip Repo Permissions Hook

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GitHub repo visibility guard that checks for a matching private repository before allowing public visibility changes.

Install this only if you want an agent hook or tool that can block GitHub repo visibility changes to public. It relies on your existing `gh` authentication and can read GitHub repo metadata for the orgs you ask it to check, but the reviewed code does not modify repos or send data to a non-GitHub service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.