GitHub Skill Updater

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GitHub-based skill updater that can change local skills, so it should be used deliberately, but it does not show hidden or malicious behavior.

Install this only if you want an agent to check and modify local git-cloned skills. Before running updates, confirm the target path and git remote, review upstream changes when possible, and keep a rollback path for any skills that affect important workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to execute shell commands and perform repository updates that modify local files, yet it declares no permissions. This creates a capability/permission mismatch that can bypass user expectations and safety controls, especially because the update path performs writes via git operations and script execution.

Self-Modification

High
Category
Rogue Agent
Content
Update a single skill:

```bash
./skills/github-skill-updater/scripts/github-skill-updater update skills/<skill-name>
```

You can also call the main Python script directly:
Confidence
88% confidence
Finding
update skill

VirusTotal

66/66 vendors flagged this skill as clean.
