Oathe Security Badge

Is lisniuse/github-trending-skill safe?

https://github.com/lisniuse/github-trending-skill

92
SAFE

This skill is a legitimate GitHub trending repository scraper that performs exactly as described. It makes HTTP requests only to GitHub's public trending pages and saves data locally to JSON files. No malicious behavior, sensitive file access, or security vulnerabilities were detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

LOW Executable Python Script -15

The skill contains a Python script that performs web scraping operations. While legitimate, it represents executable code that could potentially be modified.

LOW External HTTP Requests -10

The script makes HTTP requests to GitHub's trending page to scrape repository data. This is the intended functionality but represents external network activity.

INFO Network Activity During Installation -5

Standard git clone operation resulted in network connections to GitHub servers.

INFO Documentation Contains Shell Commands -5

SKILL.md contains bash command examples, which is normal for documentation but represents potential command execution instructions.