GInstall OneClick

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps an agent run a GitHub project installer, which is powerful but consistent with its stated purpose.

Install only after verifying the separate ginstall CLI source and version. Use guided or plan-only mode for unfamiliar repositories, avoid --yes unless the repo and environment are trusted, and use a least-privileged GitHub token that untrusted scripts cannot read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger conditions are broad enough to activate the skill for common requests like 'install this repo' or 'clone and run dev', which can cause the agent to move quickly from a casual user request to cloning code, installing dependencies, and running developer scripts. In this skill's context, that is risky because those actions execute untrusted third-party project setup steps on the user's machine.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill description and operating guidance do not prominently warn that using the tool may clone arbitrary GitHub repositories, install dependencies, and start dev scripts, all of which may execute attacker-controlled code. Because the skill is specifically designed to automate setup and execution of third-party repos, the missing warning materially increases the chance of unsafe use.

VirusTotal

65/65 vendors flagged this skill as clean.
