
npm-git-install

Install npm packages directly from GitHub repositories using git URLs. Use when installing packages from private repos, specific branches, or unreleased versions not yet on npm registry.

85

Quality: 82% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk

Critical

Do not install without reviewing


Security

5 findings — 1 critical severity, 1 high severity, 3 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E005: Suspicious download URL detected in skill instructions

What this means

Detected a suspicious URL in the skill instructions that could lead the agent to download and execute malicious scripts or binaries. This includes links to executables from untrusted sources, typosquatting of official packages, URL shorteners that obscure the destination, and personal file hosting services.

Why it was flagged

Suspicious download URL detected (high risk: 0.70). Although many links point to official documentation and GitHub, the skill explicitly instructs installing arbitrary Git repositories (which can run build/prepare scripts and install binaries) and even includes a URL with an embedded ${GITHUB_TOKEN} — making it possible to distribute malicious code or leak credentials if the repos or tokens are untrusted.

High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 0.90). The skill explicitly shows and instructs embedding Personal Access Tokens directly in git HTTPS URLs (and even includes a ghp_ token placeholder), which encourages the LLM to emit secret values verbatim in commands — an unsafe credential-handling pattern.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs installing packages directly from GitHub via git+https/git+ssh URLs (e.g., "npm install git+https://github.com/...") and notes that the workflow will git-clone and run package prepare scripts, meaning the agent/runtime would fetch and execute arbitrary, user-generated repository content from GitHub.

Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 0.80). The skill contains explicit runtime install commands that fetch and run remote repository code (e.g., npm install git+https://github.com/JEO-tech-ai/supercode.git#main), which causes a git clone and may run package prepare/build scripts—thus fetching and executing remote code at runtime.

Medium

W013: Attempt to modify system services in skill instructions

What this means

The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.

Why it was flagged

Attempt to modify system services in skill instructions detected (high risk: 0.80). The guide instructs global npm installs that write to system locations (e.g., /usr/local), includes sudo commands (sudo chown, sudo apt-get install git) and steps that modify system-level files and credentials, so it can change the machine state and requires elevated privileges.

Repository: supercent-io/skills-template
Audited
Security analysis
Snyk
