github-skill-manager

Security checks across malware telemetry and agentic risk

Overview

This is a clearly described GitHub skill manager that can install, update, and remove local skills, so users should treat it as a powerful but purpose-aligned tool.

Install only if you want an agent to manage local skills from GitHub. Before installs or updates, verify the owner, repo, branch, and path, and inspect unfamiliar skills. Use a least-privileged GitHub login where possible, and require explicit confirmation before uninstalling or bulk-updating skills.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The uninstall workflow instructs deletion of `skills/{skill-name}/` and registry removal without requiring explicit user confirmation or a clear destructive-action warning. In a skill that manages filesystem state, this increases the risk of accidental or socially engineered deletion of installed content, especially if the skill is triggered by ambiguous user requests or mistaken skill-name resolution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal