Codeberg

Security checks across malware telemetry and agentic risk

Overview

This Codeberg helper appears purpose-aligned, but it gives agents access-token and repository-secret workflows without enough safety guidance.

Install only if you intend to let the agent administer Codeberg repositories. Use a least-privilege token, prefer a secure credential store or environment-based auth over command-line tokens, avoid showing secret names unless necessary, and redact token or secret-related output from transcripts and logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly instructs users to list repository secrets via `tea actions secrets list` without any warning about the sensitivity of the output or when such access is appropriate. Even if secret values are not fully revealed, enumerating secret names and metadata can disclose deployment targets, third-party integrations, and privileged automation structure that helps an attacker plan follow-on attacks.

Missing User Warnings

High
Confidence: 97%
Finding
The skill tells users to pass an access token directly on the command line with `--token <your-token>`, which can expose credentials through shell history, process listings, terminal logging, or audit tooling. This creates a clear path for credential theft and subsequent unauthorized access to Codeberg repositories, issues, PRs, and administrative functions available to that token.

VirusTotal

66/66 vendors flagged this skill as clean.
