github-automation
Audited by Socket on Feb 20, 2026
1 alert found:
Anomaly [Skill Scanner]: Skill instructions include directives to hide actions from user

This skill is coherent with its stated purpose: it documents the set of GitHub operations it can perform via a managed MCP (Rube/Composio). There is no direct evidence of malware or obfuscated malicious code in the skill text. The primary security concern is that all GitHub OAuth tokens and API calls are routed through a third-party MCP (rube.app/mcp). That centralizes credentials and traffic and could be used to exfiltrate or misuse tokens if the MCP is untrusted or compromised. Before use, operators should verify the trustworthiness, access controls, and auditing practices of the MCP service and limit granted scopes to the minimum necessary. Overall I assess low probability of embedded malware in this skill material itself but moderate operational risk because of delegated credential handling and destructive GitHub operations.

LLM verification: The skill’s documented capabilities align with its stated purpose (GitHub automation), but it routes all operations through a third-party MCP (https://rube.app/mcp / Composio) which centralizes OAuth tokens and API operations. That architectural choice is the primary risk: if the MCP or toolkit is untrusted or compromised it can exfiltrate credentials or perform destructive repository operations. No direct code-level malware, obfuscation, or hardcoded secrets are present in the provided fragment