Back to skill

Security audit

Github Bounty Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill is openly built to automate GitHub bounty applications, but it can repeatedly post public comments from the user's GitHub account without strong approval or scoping controls.

Install only if you are comfortable with a tool that can publicly comment on GitHub issues from your account. Before running it, verify the authenticated gh account, use a least-privilege token, add a dry-run or manual approval step, restrict allowed repositories, set action limits, and replace or remove the bundled wallet_address value.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises autonomous proposal submission and wallet management, both of which can perform external actions affecting user accounts, reputation, or funds, but it provides no warning, consent model, or description of safeguards. In the context of an autonomous agent skill, normalizing unattended submissions and fund-related operations increases the risk of account abuse, spam, accidental transactions, or misuse of stored credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly promotes autonomous submission of proposals, automatic PR creation, and wallet/payment handling on external platforms using the user's GitHub account and payment details, but provides no warnings, approval gates, or scope restrictions. In this context, the automation can cause unauthorized account actions, spammy or policy-violating submissions, reputational damage, and exposure or misuse of financial identifiers, making the omission security-relevant rather than merely a documentation issue.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill is designed to post public GitHub comments automatically, without user confirmation, review, or a dry-run mode. In an agent setting, this is dangerous because it can trigger unauthorized account actions, spam repositories, damage reputation, and interact with attacker-controlled issues at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.