
Security audit

Pre Publish Security

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate security-audit skill, but it needs review: it installs a git pre-push hook that persists across sessions and can block pushes, and it may leave sensitive scan results on local disk.

Install only if you want this skill to audit selected repositories and potentially block pushes. Review and back up any existing .git/hooks/pre-push file first, avoid using the sub-agent audit on highly sensitive repos unless you accept its scope, and delete /tmp audit reports after review because they may contain secret snippets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84%
Finding
The skill description frames the tool as a security audit utility, but the documented behavior extends into modifying repositories via git hook installation, persisting state, scheduled execution, and possible sub-agent use. That mismatch can mislead users into granting trust to a skill that performs broader actions than expected, increasing the risk of unintended persistence, filesystem modification, or automation in sensitive repositories.

Missing User Warnings

Medium
Confidence
81%
Finding
The README instructs users to install a pre-push hook that can block repository pushes, but it does not clearly warn that this modifies local repository behavior and can affect developer workflows. In a skill that is intended to be installed and run automatically, lack of disclosure about hook installation and enforcement behavior is a real security/usability concern because users may grant trust to code that intercepts version-control actions without informed consent.
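The check the overview asks for (review and back up any existing .git/hooks/pre-push before installing) can be scripted so that an earlier hook is neither overwritten nor silently disabled. The following is an added example, not the skill's installer or any code from this page; the file names pre-push.local and pre-push.audit, the hookctl.sh name and the .git/hooks layout are assumptions:

```shell
#!/bin/sh
# Added example, not the skill's own installer. Puts a pre-push hook in place
# without discarding one that is already there: the existing file is kept as
# pre-push.local and a wrapper runs it before the audit hook. The file names
# pre-push.local / pre-push.audit and the .git/hooks layout are assumptions.
set -eu

# install_hook HOOKS_DIR NEW_HOOK
# Safe to re-run: a hook this script did not write is moved aside once and
# chained; later runs only refresh pre-push.audit and the wrapper.
install_hook() {
    hooks_dir=$1
    new_hook=$2
    target=$hooks_dir/pre-push
    mkdir -p "$hooks_dir"
    if [ -e "$target" ] && [ ! -e "$hooks_dir/pre-push.audit" ]; then
        mv "$target" "$hooks_dir/pre-push.local"   # untouched backup, still active
    fi
    cp "$new_hook" "$hooks_dir/pre-push.audit"
    cat > "$target" <<'EOF'
#!/bin/sh
# Wrapper: git passes the remote name and URL as arguments and the refs being
# pushed on stdin, so stdin is read once and replayed to each hook. The first
# non-zero exit blocks the push. A non-executable pre-push.local is skipped,
# which is what git itself did with it before.
refs=$(cat)
here=$(dirname "$0")
for hook in "$here/pre-push.local" "$here/pre-push.audit"; do
    [ -x "$hook" ] || continue
    { [ -n "$refs" ] && printf '%s\n' "$refs"; } | "$hook" "$@" || exit $?
done
EOF
    chmod 755 "$target" "$hooks_dir/pre-push.audit"
}

# uninstall_hook HOOKS_DIR: remove the audit hook and restore what was there.
uninstall_hook() {
    hooks_dir=$1
    rm -f "$hooks_dir/pre-push.audit"
    if [ -e "$hooks_dir/pre-push.local" ]; then
        mv "$hooks_dir/pre-push.local" "$hooks_dir/pre-push"
    else
        rm -f "$hooks_dir/pre-push"
    fi
}

# show_hook HOOKS_DIR: print everything that will run on the next push.
show_hook() {
    for f in "$1"/pre-push "$1"/pre-push.local "$1"/pre-push.audit; do
        if [ -f "$f" ]; then
            printf '== %s ==\n' "$f"
            cat "$f"
        fi
    done
}

# Usage: hookctl.sh REPO HOOK_SCRIPT | hookctl.sh --show REPO | hookctl.sh --uninstall REPO
case "${1:-}" in
    "")          ;;   # no arguments (e.g. sourced): only define the functions
    --show)      show_hook "${2:?repo}/.git/hooks" ;;
    --uninstall) uninstall_hook "${2:?repo}/.git/hooks" ;;
    *)           install_hook "$1/.git/hooks" "${2:?hook script}" ;;
esac
```

Run `--show` before and after installing to see exactly what intercepts a push. One caveat: if `git config --get core.hooksPath` prints a path, git reads hooks from that directory and ignores .git/hooks entirely, so the installer must target that directory instead.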

Missing User Warnings

Medium
Confidence
76%
Finding
The README advertises environment variable leak detection but does not explain what environment data is inspected, whether values are logged, or how sensitive matches are handled. Because environment variables commonly contain secrets, a scanner that reads them without a privacy warning or data-handling disclosure can expose highly sensitive credentials through logs, reports, or terminal output.
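What a user would want from such a scanner is a report that names the suspicious variable without becoming a second copy of the secret. The following is an added example written for this page, not the skill's scanner; the name patterns and the masking rule are assumptions, and the NAME=VALUE lines in the usage are constructed sample input:

```shell
#!/bin/sh
# Added example, not the skill's scanner. Reports environment variables that
# look secret-bearing by name while printing only a masked fingerprint of the
# value, so the report itself does not leak the secret. The name patterns and
# the masking rule are assumptions for illustration.
set -eu

# mask_value VALUE: first two characters plus the length; nothing at all for
# very short values. Enough to tell two entries apart, not enough to reuse.
mask_value() {
    v=$1
    n=${#v}
    if [ "$n" -le 4 ]; then
        printf '****(len=%s)\n' "$n"
    else
        printf '%s****(len=%s)\n' "$(printf '%s' "$v" | cut -c1-2)" "$n"
    fi
}

# is_secret_name NAME: succeeds if the upper-cased name matches a pattern.
is_secret_name() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        *SECRET*|*TOKEN*|*PASSWORD*|*PASSWD*|*API_KEY*|*APIKEY*|*PRIVATE_KEY*|*ACCESS_KEY*|*CREDENTIAL*)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# scan_env: reads NAME=VALUE lines on stdin (as printed by `env`), prints
# "NAME=<masked>" for each hit and returns 1 if there was at least one, so it
# can gate a hook. Continuation lines of multi-line values carry no '=' at a
# valid name position and are skipped.
scan_env() {
    hits=0
    while IFS= read -r line; do
        case "$line" in *=*) ;; *) continue ;; esac
        name=${line%%=*}
        value=${line#*=}
        case "$name" in ''|*[!A-Za-z0-9_]*) continue ;; esac
        if is_secret_name "$name"; then
            printf '%s=%s\n' "$name" "$(mask_value "$value")"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

if [ "${1:-}" = "--demo" ]; then
    # Against the live environment; exit status 1 means something matched.
    env | scan_env
fi
```

Run as `env | sh envscan.sh` or with `--demo`; with constructed input such as `printf 'HOME=/home/u\nAWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG\n' | scan_env` the report line is `AWS_SECRET_ACCESS_KEY=wJ****(len=21)` and the full value never reaches the terminal or a log.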

Missing User Warnings

Medium
Confidence
80%
Finding
The script writes multiple agent outputs to a predictable temporary location under /tmp and then preserves that directory after execution. Those reports may contain sensitive findings, repository contents, or leaked secrets discovered during scanning, which can be exposed to other local users or left behind longer than intended if filesystem permissions are permissive or the host is multi-user.
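The weak pattern this finding describes, beside the corrected one and a check for directories left behind, as an added example; it is not the skill's code, and the directory names, the audit-* prefix and the sample scan are assumptions:

```shell
#!/bin/sh
# Added example, not the skill's own code. Shows the weak pattern from the
# finding (fixed path under /tmp, mode from the umask, never removed) next to
# a corrected one, and a check for report directories left behind. Directory
# names, the audit-* prefix and the sample scan are assumptions.
set -eu

# weak_report_dir PARENT: the pattern to avoid. The name is predictable, the
# mode follows the umask (typically 022, so every local user can read it),
# and nothing removes the directory when the run ends.
weak_report_dir() {
    d=$1/audit-reports
    mkdir -p "$d"
    printf '%s\n' "$d"
}

# safe_report_dir [PARENT]: unpredictable name, 0700 from the moment it
# exists (mktemp -d does this; the chmod makes the intent explicit).
safe_report_dir() {
    parent=${1:-${TMPDIR:-/tmp}}
    d=$(mktemp -d "$parent/audit-XXXXXX")
    chmod 700 "$d"
    printf '%s\n' "$d"
}

# dir_mode DIR: permission bits in octal, e.g. 700 (GNU stat, BSD fallback).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# group_or_other_readable DIR: succeeds if the group or other read bit is set.
group_or_other_readable() {
    m=$(dir_mode "$1")
    last2=${m#"${m%??}"}      # the g and o digits, whatever the mode length
    case "$last2" in
        [4567]?|?[4567]) return 0 ;;
        *)               return 1 ;;
    esac
}

# leftover_reports PARENT: list audit-* directories under PARENT that other
# users could read, as "MODE PATH" lines; returns 1 if any were found.
leftover_reports() {
    found=0
    for d in "$1"/audit-*; do
        [ -d "$d" ] || continue
        if group_or_other_readable "$d"; then
            printf '%s %s\n' "$(dir_mode "$d")" "$d"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# run_audit SCAN_FN [PARENT]: give the scan a private report directory and
# delete it afterwards, also when the scan fails or the run is interrupted.
run_audit() {
    dir=$(safe_report_dir "${2:-}")
    trap 'rm -rf "$dir"' EXIT INT TERM
    "$1" "$dir"
    printf 'reports in %s (mode %s); removed on exit\n' "$dir" "$(dir_mode "$dir")"
}

# sample_scan DIR: stand-in for the real audit; writes a constructed report.
sample_scan() {
    printf 'possible secret in config.yml: AKIA****\n' > "$1/report.txt"
}

if [ "${1:-}" = "--demo" ]; then
    run_audit sample_scan
fi
```

`leftover_reports /tmp` is the check to run after using a scanner that keeps its output; note that `rm -rf` only unlinks the files, so any secret that actually appeared in a report should be rotated rather than treated as erased.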

VirusTotal

66/66 vendors flagged this skill as clean.
