Github Stars Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward GitHub repository stats tracker; it uses an optional GitHub token and local state in ways that fit its purpose, though its documentation overstates some features.

Install only if you are comfortable with a Python CLI contacting GitHub and storing a small local JSON tracking file in your home directory. Avoid broad GitHub tokens; for public repositories, use no token if rate limits are acceptable or use a fine-grained read-only token.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill documentation instructs users to use environment variables, local file state, and GitHub network access, but it does not declare any permissions. This creates a transparency and governance gap: users and hosting platforms cannot accurately assess or constrain the skill’s access, increasing the risk of unexpected token exposure, unauthorized file modification, or network use.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 86% confidence
Finding: The skill’s declared behavior does not accurately match what it appears to do: it omits local tracking-list management and additional metadata collection, while claiming fork monitoring, notification, and trend analysis that are not actually implemented. This is dangerous because users may grant tokens or rely on the skill under false assumptions about data handling and security-relevant behavior.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: An overly broad trigger can cause the skill to activate during ordinary conversations about GitHub stars or project activity, potentially invoking file/network actions unexpectedly. Because this skill uses GitHub tokens and local state, accidental activation is more risky than for a purely informational skill.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The repository-tracking trigger phrase is ambiguous and lacks clear activation boundaries, making accidental invocation plausible. In a skill that reads environment secrets, performs network requests, and writes local tracking data, unintended activation can lead to privacy, token-use, or state-management issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal