Security audit
🤖 GitHub自动管家 (GitHub Automation Butler)
Security checks across malware telemetry and agentic risk
Overview
The package has no executable code, but it advertises broad GitHub automation with sensitive-credential metadata and does not explain scope, user controls, or how it avoids needing an API key.
Review this before installing if you expect it to manage real GitHub repositories. The artifact does not appear to contain malware or runnable code, but it is too vague about authentication and safeguards for broad GitHub automation; use it only in a controlled account or repository until its permissions and confirmation behavior are clear.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
