Monorepo Management

Security checks across malware telemetry and agentic risk

Overview

This is a monorepo management guide with visible development, CI, deploy, and package publishing examples that match its stated purpose.

Install is reasonable, but treat it as a command reference: review any npx, deploy, publish, cleanup, and CI-token examples before running them, and only execute release or deployment commands against the intended repository, registry, and environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill includes deployment and publishing commands such as package release and app deployment without explicit warnings that these actions can modify external systems, publish artifacts, or consume privileged tokens. In a skill meant to be followed by an agent or user, omission of safety framing increases the risk of unintended release or deployment, especially in automated contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal