Back to skill

Security audit

GitHub Code Analyzer

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent GitHub code-analysis purpose, but it runs a user-supplied repository URL through a shell and sends sampled code to an external AI API with limited privacy controls.

Review before installing. Use only on trusted public repositories in a disposable environment, and assume sampled source code and project structure may be sent to the external AI endpoint. The skill should be revised to use argument-based git execution, strict GitHub URL validation, secret redaction, clearer provider disclosure, and explicit user consent before remote AI submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill builds a shell command with a user-controlled repository URL and executes it via child_process.exec. This creates command-injection risk because shell metacharacters in the URL can break out of the intended git clone invocation, and it also grants the skill unnecessary subprocess capability for a code-analysis use case.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a GitHub code-quality analyzer, but it sends project structure and code samples to a third-party LLM endpoint. This is a data-handling and trust-boundary issue because users may reasonably expect local analysis and may unknowingly transmit proprietary or sensitive source code off-platform.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill description lacks a clear warning that it clones arbitrary remote repositories and may send code snippets or project structure to an external AI service. Even if this is part of the intended functionality, failing to warn users obscures supply-chain and privacy risks, especially when repositories may contain confidential code, credentials, or regulated data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Code samples from the cloned repository are transmitted to an external API without any warning, consent flow, or policy check. If users analyze private repos or repos containing embedded secrets, the skill can leak sensitive code or credentials to a third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.js:66

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.js:7