Security audit for GitHub repositories, install scripts, and open source packages before installation. Use when the user wants to check if a repo or app is safe to install, review install scripts for malicious code, verify an open source project isn't collecting data, or audit dependencies for suspicious packages. Triggers on phrases like 'is this safe to install', 'check this repo', 'review this script', 'audit this code', 'is this sketchy', 'can I trust this', 'should I install this'.
Audits a GitHub repository, install script, or package for malicious code, data collection, suspicious dependencies, and supply chain risks before installation.
Determine what to audit:
gitingest skill to fetch a text digest of the repocurl | bash URL) → fetch it with WebFetchReadIf the user only provides a name (no URL), search for the official repo first.
For GitHub repos, invoke the gitingest skill to get a full text digest. Focus on:
README.md, install.sh, Makefile, setup.py, package.json, requirements.txt.github/workflows/, .travis.yml, DockerfileFor install scripts, fetch the raw URL and read the full content.
Work through the checklist systematically. Load references/red-flags.md for the full catalog of patterns to look for.
High-priority checks (always run):
postinstall, pip setup.py install, etc.Quick signals (not conclusive, but useful context):
Structure the report as:
## Security Review: <repo/package name>
**Verdict:** Safe / Caution / Do Not Install
### Summary
1-3 sentences on the overall risk level.
### Findings
- [CRITICAL] ...
- [HIGH] ...
- [MEDIUM] ...
- [LOW/INFO] ...
### What it does (data & network)
What data the code accesses and where it sends it.
### Recommendation
What the user should do: install as-is, install with caveats, audit further, or avoid.
Use severity levels: CRITICAL (active malice), HIGH (strong red flag), MEDIUM (suspicious but explainable), LOW/INFO (worth noting).
If no issues are found, say so clearly — a clean bill of health is a valid outcome.