Monorepo Management

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only monorepo guide with standard user-run setup, build, caching, CI, and publishing examples, with no hidden execution or data theft found.

Install only if you trust the GitHub source. Review commands before running them in a real repository, especially cleanup, dependency update, deploy, remote-cache login, and package publishing snippets. For sensitive or proprietary repositories, review Turborepo remote cache settings and exclude secrets or sensitive build outputs before enabling shared caching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The remote caching section instructs users to log in and link to Vercel remote cache, but does not warn that build outputs, logs, and related metadata may be uploaded to a third-party service. In a monorepo context, cached artifacts can include proprietary code, environment-derived outputs, or other sensitive build data, so omitting disclosure and scoping guidance creates a real security and data-governance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
