Merge Check
Security checks across malware telemetry and agentic risk
Overview
This skill is a read-only GitHub pull request analysis helper, with expected use of the GitHub CLI and no evidence of hidden, destructive, or persistent behavior.
Install only if you are comfortable letting the skill query GitHub through your local gh login and include PR discussion, review text, and private repository metadata in the analysis. Use a GitHub account or token with the least access needed for the repositories you review.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.