gitlab-weekly-report

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised GitLab weekly-report task, but its credential handling is risky enough that users should review it before installing.

Install only if you are comfortable granting the skill access to GitLab project names, branch names, commit messages, and activity history. Use a least-privilege, expiring token; avoid putting real tokens in the skill file, chat, or shell history; and remove or review curl's TLS-bypass behavior before using it against a real GitLab server.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The skill documents stored configuration fields including user ID, username, email, and a Git personal access token in plain language. Even if placeholders are shown, this normalizes collecting and handling sensitive credentials directly in the skill flow, increasing the chance that a user pastes real secrets into prompts, logs, or shared workspace files.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The instructions tell the user to run a script with a personal GitLab token passed as a command-line argument, without any warning about secret exposure. Tokens supplied on the command line can be exposed through shell history, process listings, logs, screenshots, or telemetry, making credential compromise realistic.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The saved configuration section explicitly lists personal identity fields and a GitLab token as if they are part of normal stored skill data, with no protections or cautionary language. In this context, the skill is designed to retrieve private development activity, so embedding credential-like configuration materially raises the chance of account and repository data exposure.

Ssd 3

High

Confidence: 99% confidence
Finding: The skill combines instructions to use a personal access token with natural-language documentation that includes saved account details, creating a strong prompt-level path for users or downstream agents to reveal secrets during execution. Because the task accesses private GitLab events and commits, compromise of the token could expose source code history, project metadata, and potentially broader account-scoped API access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal