gh-cli
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only helper for GitHub CLI usage; it can guide powerful GitHub actions but does not include executable or hidden behavior.
Install only if you are comfortable letting the agent use guidance for GitHub CLI workflows. Review any gh command that merges pull requests, deletes issues or repositories, archives repositories, edits settings, or uses gh api, because those actions may operate with your GitHub account or token permissions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.