Security audit

Open Source Analysis

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only GitHub repository analysis skill with disclosed, purpose-aligned network and optional GitHub token use.

Install if you want structured GitHub project analysis. If you have GITHUB_TOKEN set, the agent may use it for GitHub API requests, so prefer a minimally scoped token and avoid asking it to analyze private repositories unless you intend authenticated access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding:
The skill explicitly authorizes command-line API access using `curl` or `gh` and instructs the agent to automatically attach `GITHUB_TOKEN` if present. Even though the stated purpose is repository analysis, this expands the skill's capability to authenticated external requests and secret-bearing command execution, increasing the risk of token exposure, over-privileged API use, or unsafe request construction if repository/user input is incorporated into commands. The context slightly reduces risk because the skill also warns not to follow repository instructions, but the automatic use of credentials still makes this a real security concern.

Vague Triggers

Medium
Confidence: 83%
Finding:
The trigger condition fires whenever a user provides a GitHub URL or broadly asks to analyze an open source project, which is permissive enough to activate in many ambiguous contexts. Overbroad activation can cause the skill to run unexpectedly, leading to unintended external lookups, unnecessary use of authenticated resources, and expanded exposure to untrusted repository content. In this skill, that danger is amplified because activation may lead directly to network/API access and optional credential use.

VirusTotal

57/57 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.