Security audit

GCCEO

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly static CEO-training material, but it bundles GitHub publishing steps that can use a user's credentials to create public content.

Review before installing. The training content itself appears static, but do not run publish.sh or follow the PAT-based publishing steps unless you intentionally want to publish this project to GitHub under the target account. Prefer browser-based GitHub CLI login or a short-lived fine-grained token limited to the exact repository, and remove personal contact details from public release text unless they are intended to be public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The script can create a GitHub repository and publish a release using whatever GitHub CLI credentials are already present on the host. That is an external side effect unrelated to the stated CEO-training purpose, and if this skill is run by an agent or user without carefully reviewing it, it could cause unauthorized publication of local content or modification of the user's GitHub account state.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill includes capability to interact with GitHub via `gh repo create` and `gh release create`, which can perform real networked actions under the user's authenticated identity. In the context of a non-deployment, CEO-education skill, this is unjustified functionality and increases the risk of unintended external publication, account misuse, or trust confusion if an agent executes it automatically.

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide instructs users to create a classic GitHub Personal Access Token with broad `repo` access and then use it interactively, but it provides no warning about treating the token as a secret, avoiding storage in shell history, or preferring narrower-scoped authentication. This is dangerous because users may overprovision long-lived credentials and mishandle them, enabling repository compromise if the token is exposed.

Missing User Warnings

Medium
Confidence: 97%
Finding
The release template instructs users to publish an email address and phone number in a public GitHub release without any privacy warning or consent safeguard. Publicly exposing personal contact data increases spam, phishing, social engineering, and doxxing risk, especially when tied to a named individual and professional role.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.