Back to skill

Security audit

Relay GitCode CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent GitCode CLI helper, but it can make real authenticated changes to repositories and pipelines.

Install this only if you want an agent to manage GitCode through gd. Provide least-privilege tokens, enable TLS verification where possible, start with read-only commands, and require explicit approval before moves, recreate syncs, raw API writes, release publishing, or pipeline changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill documents repository-moving operations that can alter ownership or names of repositories, which are potentially destructive or disruptive if executed on the wrong target. In an agent skill, the absence of an explicit confirmation/safety warning increases the chance of accidental irreversible changes, especially when automation is involved.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented `--if-exists recreate` behavior can delete and recreate repository targets, which is directly destructive and may cause data loss, broken integrations, or loss of settings/history depending on platform semantics. Because the skill presents this as a normal workflow without an explicit hazard warning or confirmation requirement, an automated agent could invoke it unsafely.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow documents `--if-exists recreate` for `gd repo sync-github`, which can delete and recreate a target repository, but it does so without an explicit warning or requirement for deliberate confirmation. In an agent skill context, this is dangerous because an automated system may select the documented option and irreversibly destroy repository state, settings, issues, or releases if the target is misidentified or the operation is triggered on the wrong repo.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.