Environment variable access combined with network send.
- Code
- suspicious.env_credential_access
- Location
- assets/transforms/github-mission-control.mjs:26
Security audit
Security checks across malware telemetry and agentic risk
Mission Control is mostly aligned with its task-board purpose, but it gives persistent webhooks and GitHub credentials meaningful control over the agent while making some credential-storage and webhook-verification claims that are not fully supported by the artifacts.
Review the credential model before installing: use dedicated least-privilege GitHub tokens, configure a real webhook secret, restrict dashboard/repository access to trusted users, and be comfortable with a persistent webhook that can wake the agent when tasks are moved to In Progress.
64/64 vendors flagged this skill as clean.
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.install_untrusted_source (+1 more)