Awesome Repo Builder

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill builds an awesome-list repository scaffold and its file/network behavior is disclosed and aligned with that purpose.

Install only if you want an agent to research a topic and create a new repository scaffold. Use a dedicated empty output folder, review generated AGENTS.md and verify_urls.py before relying on them, and use --force only when you intentionally want scaffold files in that output directory overwritten.

SkillSpector (1)

By NVIDIA

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill instructs the agent to perform file reads, file writes, and network-based research, yet it declares no permissions or constraints. This creates a trust and governance gap: an orchestrator or reviewer cannot accurately assess what the skill may access or modify, increasing the chance of unintended filesystem changes, unsafe external fetching, or overbroad execution in sensitive environments.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal