Back to skill

Security audit

Mission Control

Security checks across malware telemetry and agentic risk

Overview

Mission Control is mostly aligned with its task-board purpose, but it gives persistent webhooks and GitHub credentials meaningful control over the agent while making some credential-storage and webhook-verification claims that are not fully supported by the artifacts.

Review the credential model before installing: use dedicated least-privilege GitHub tokens, configure a real webhook secret, restrict dashboard/repository access to trusted users, and be comfortable with a persistent webhook that can wake the agent when tasks are moved to In Progress.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.install_untrusted_source (+1 more)

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
assets/transforms/github-mission-control.mjs:26

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
assets/data/tasks.json:12

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
assets/examples/mission-control.json:3

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
assets/transforms/github-mission-control.mjs:166