Back to skill

Security audit

Gitguard Skill

Security checks across malware telemetry and agentic risk

Overview

GitGuard is a disclosed local repository auditing tool, with expected read-only repo access and optional network checks, but users should understand the metadata those checks expose.

Install only if you are comfortable letting the skill read the repository paths you provide, run read-only git commands, and optionally contact npm, PyPI, and GitHub. Avoid pointing it at broad private directories unless you intend them to be scanned, and use a limited-scope GitHub token if enabling GitHub triage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises operational capabilities that include reading files, invoking git via shell, accessing environment variables, and making network requests, but it declares no permissions to make those powers explicit. This creates a transparency and consent gap: an agent or user may authorize the skill without understanding that it can access local repositories, read tokens from the environment, and contact external services.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest advertises live GitHub API and package registry access, but it does not clearly warn users in the tool descriptions or manifest that repository metadata, dependency names, or issue/PR context may be transmitted to third-party services. In a security-scanning skill, users may reasonably expect local-only behavior, so understated network use can lead to unintended data disclosure and trust violations.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Confidence
92% confidence
Finding
requests>=2.28.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.