Security audit
Wip Repo Permissions Hook
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed GitHub repo visibility guard that checks for a matching private repository before allowing public visibility changes.
Install this only if you want an agent hook or tool that can block GitHub repo visibility changes to public. It relies on your existing `gh` authentication and can read GitHub repo metadata for the orgs you ask it to check, but the reviewed code does not modify repos or send data to a non-GitHub service.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
67/67 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
