ClawHub

YiHui GIT MONITOR

Security checks across malware telemetry and agentic risk

Overview

This Git monitoring skill has a plausible purpose, but it asks for recurring repository pulls and automatic use of shared Feishu credentials without enough scoping or user control.

Review before installing. Use it only for repositories and chats you intentionally want monitored, avoid exposing shared Feishu credentials unless you want this skill to send messages through that bot, and verify the actual runtime implementation because the referenced helper.js is not present in the reviewed package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill documents automatic discovery of Feishu credentials from environment variables and the host OpenClaw configuration, then uses them to send outbound notifications. That expands the skill from Git monitoring into credential access and external data egress, which is security-relevant and not tightly scoped to the core function. In this context, automatic code pulling plus outbound messaging can expose repository names, change summaries, and other metadata to external destinations without an explicit, prominent consent boundary.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes broad, common phrases such as GitHub, GitLab, Gitee, 拉取代码, and 同步代码, which can cause the skill to activate for general requests that are not intended to invoke repository monitoring. In agent environments, overbroad triggering increases the chance of accidental execution of repository pulls, checks, or notifications in unrelated conversations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The top-level description says the skill will automatically pull code and generate summaries, but it does not prominently warn users that repository contents may be fetched and processed automatically. In the context of an agent skill, failing to surface these side effects undermines informed consent and can lead to unexpected network activity or handling of sensitive code.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation states that Feishu credentials may be read automatically from environment variables or the main OpenClaw configuration and used for push notifications, but it does not present a prominent privacy/security warning. Because this involves credential use and outbound messaging, the lack of explicit disclosure makes unintended data egress and misuse more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal