codebase-onboarding

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only codebase documentation skill. Its optional debugging and wiki-export examples are visible in the skill text, but they touch sensitive data: environment-derived connection strings, decoded JWTs and session records, and authenticated publication to Notion and Confluence.

Install only for repositories you are allowed to inspect. Before running database, environment, JWT, or session examples, use local or development data where possible and redact outputs. Only provide Notion or Confluence tokens after reviewing the generated onboarding content and confirming the destination page is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch
Severity: Medium, confidence 88%
Finding: The reference examples explicitly show publishing generated onboarding content to external SaaS platforms, which expands the skill from local documentation generation into remote content exfiltration and third-party publication. In an onboarding context, generated content can easily contain sensitive architectural, operational, or internal process information, so undocumented export pathways materially increase security risk.

Context-Inappropriate Capability
Severity: Medium, confidence 91%
Finding: The examples include authenticated API calls to Notion and Confluence without clear justification tied to the stated 'Codebase Onboarding' purpose, making the skill capable of sending potentially sensitive onboarding material outside the local environment. Even if intended as convenience examples, this creates an undocumented data-transfer behavior that could be misused or copied into agent actions without adequate review.

Missing User Warnings
Severity: Medium, confidence 94%
Finding: The debugging guidance tells users to print environment-derived secrets such as DATABASE_URL directly to the terminal without warning about credential exposure. In an agent skill context, this is risky because agents may capture command output in logs, chat transcripts, notebooks, or external systems, unintentionally disclosing credentials or internal infrastructure details.

Missing User Warnings
Severity: Medium, confidence 96%
Finding: The skill recommends decoding arbitrary JWTs and querying session records during auth debugging, but gives no privacy or handling warning. JWT payloads often contain user identifiers, email addresses, roles, tenant IDs, or other sensitive claims, and an agent following this guidance could expose token contents in logs or generated documentation.
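The two findings above describe what a debugging session leaks when it prints DATABASE_URL or a decoded JWT as-is. The following is an added example, not part of the skill or of the scan report, of the redaction step a practitioner would put in front of those prints: the password is masked in the connection string, the raw token is replaced by a short fingerprint so log lines can still be correlated, and identifying claims are masked while issuer and expiry claims stay visible for debugging. The sample values, the SENSITIVE_CLAIMS list and all function names are constructed for illustration.

```python
import base64
import hashlib
import json
from urllib.parse import urlsplit, urlunsplit

# Claims that identify a person, tenant or authorization level. They are masked
# before a decoded payload is printed, logged or pasted into a document.
# (Assumed list for illustration; extend it for the identity provider in use.)
SENSITIVE_CLAIMS = {"sub", "email", "name", "preferred_username", "tid",
                    "tenant_id", "roles", "groups"}


def redact_database_url(url: str) -> str:
    """Mask the password in a URL-style connection string while keeping the
    parts that are useful for debugging (scheme, user, host, port, database,
    options). URLs without a password are returned unchanged."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.hostname or ""
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    netloc = f"{parts.username or ''}:***@{host}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def token_fingerprint(token: str) -> str:
    """Short SHA-256 prefix: two log lines can be tied to the same token without
    the token itself (a bearer credential) ever being written out."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str) -> tuple[dict, dict]:
    """Split a compact JWS into header and payload WITHOUT verifying the
    signature. This is inspection only and says nothing about authenticity."""
    try:
        header_b64, payload_b64, _signature = token.split(".")
    except ValueError:
        raise ValueError("not a three-part compact JWT") from None
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def redact_claims(payload: dict) -> dict:
    """Copy of the payload that is safe to print: sensitive claims become a
    marker; timing and issuer claims (iat, exp, iss, aud, ...) are kept."""
    return {k: ("<redacted>" if k in SENSITIVE_CLAIMS else v) for k, v in payload.items()}


def describe_token_for_log(token: str) -> dict:
    """Everything a debugging session may safely record about a token."""
    header, payload = decode_jwt_unverified(token)
    return {"fingerprint": token_fingerprint(token),
            "alg": header.get("alg"),
            "claims": redact_claims(payload)}


# Constructed sample inputs (not real credentials): a connection string with an
# embedded password and a JWT whose signature segment is a placeholder.
SAMPLE_DATABASE_URL = "postgres://app:s3cr3t@db.internal:5432/onboarding?sslmode=require"


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


SAMPLE_JWT = ".".join([
    _b64url_encode({"alg": "HS256", "typ": "JWT"}),
    _b64url_encode({"iss": "https://auth.example.com", "sub": "user-1234",
                    "email": "alice@example.com", "roles": ["admin"],
                    "exp": 1700000000}),
    "c2lnbmF0dXJl",  # placeholder signature bytes, not a valid MAC
])


if __name__ == "__main__":
    print(redact_database_url(SAMPLE_DATABASE_URL))
    print(json.dumps(describe_token_for_log(SAMPLE_JWT), indent=2))
```

The fingerprint, not the token, is what goes into a transcript or notebook; if the full token is ever needed again it is re-read from its source, never from the log.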

Missing User Warnings
Severity: Low, confidence 80%
Finding: The Notion example uses an environment-sourced token to perform authenticated remote publication, but the surrounding documentation gives no warning that credentials will be used or that content will leave the system. This omission increases the chance that users or agents will treat the snippet as harmless formatting logic rather than a privileged external write operation.

Missing User Warnings
Severity: Low, confidence 83%
Finding: The Confluence example performs an authenticated POST to Atlassian Cloud using a token, yet the markdown does not warn about credential handling or remote publication of generated content. In a skill reference document, omission of such warnings can normalize unsafe copy-paste use and obscure the sensitivity of the transmitted onboarding data.
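The Notion and Confluence findings, together with the Overview's instruction to review the generated content and confirm the destination page is approved, amount to a preflight gate in front of the publish call. The following is an added example, not the skill's own code, of that gate in Python: it refuses to proceed unless the destination is on an allowlist, the content has been marked as reviewed, and a scan of the generated markdown finds nothing credential-shaped. The pattern set, the destination identifier format, the approved list and the two sample documents are assumptions constructed for illustration; the gate builds no API request itself.

```python
import re
from dataclasses import dataclass, field

# Material that must not leave the local environment inside generated onboarding
# docs. Patterns are deliberately broad: a false positive costs a second look,
# a false negative publishes a credential. (Assumed set for illustration.)
SECRET_PATTERNS = {
    "connection string with embedded password":
        re.compile(r"\b[a-z][a-z0-9+.-]*://[^:/\s]+:[^@\s]+@", re.I),
    "JWT-shaped token":
        re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]+"),
    "AWS access key id":
        re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "bearer token in a header":
        re.compile(r"\bbearer\s+[A-Za-z0-9._~+/=-]{20,}", re.I),
    "private key block":
        re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "hard-coded credential assignment":
        re.compile(r"\b(?:api[_-]?key|secret|token|password)\s*[=:]\s*['\"]?[A-Za-z0-9_/+=-]{8,}", re.I),
}


@dataclass
class PreflightResult:
    ok: bool
    reasons: list[str] = field(default_factory=list)


def scan_for_secrets(content: str) -> list[str]:
    """One human-readable reason per (line, pattern) hit, so the reviewer can
    find and remove the offending line before retrying."""
    hits = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append(f"line {lineno}: {name}")
    return hits


def publish_preflight(content: str, destination: str,
                      approved_destinations: set[str], reviewed: bool) -> PreflightResult:
    """Gate that must pass before any Notion or Confluence call is made.
    `destination` is an opaque page identifier; the 'notion:<id>' and
    'confluence:<space>/<title>' shapes used below are an assumption."""
    reasons = []
    if destination not in approved_destinations:
        reasons.append(f"destination {destination!r} is not on the approved list")
    if not reviewed:
        reasons.append("content has not been reviewed by a human")
    reasons.extend(scan_for_secrets(content))
    return PreflightResult(ok=not reasons, reasons=reasons)


# Constructed sample documents and allowlist (not from any real repository).
APPROVED = {"notion:3f2a-onboarding", "confluence:ENG/Onboarding"}

CLEAN_DOC = "\n".join([
    "# Onboarding",
    "",
    "The API reads DATABASE_URL from the environment; ask ops for a development value.",
    "Authentication is JWT-based; tokens are issued by the identity service.",
    "See https://wiki.example.com/onboarding for the architecture overview.",
])

LEAKED_DOC = "\n".join([
    "# Onboarding (draft)",
    "",
    "Local setup: export DATABASE_URL=postgres://app:s3cr3t@db.internal:5432/onboarding",
    "Sample session token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl",
])


if __name__ == "__main__":
    for label, doc, dest, reviewed in [
        ("clean, approved, reviewed", CLEAN_DOC, "notion:3f2a-onboarding", True),
        ("leaked, approved, reviewed", LEAKED_DOC, "notion:3f2a-onboarding", True),
        ("clean, unapproved, unreviewed", CLEAN_DOC, "confluence:PUB/Public", False),
    ]:
        result = publish_preflight(doc, dest, APPROVED, reviewed)
        print(label, "->", "PUBLISH" if result.ok else "BLOCKED", result.reasons)
```

Only when `ok` is True does the caller read the Notion or Confluence token from the environment and build the request; the token is never touched on the blocked path, which keeps a failed preflight from also being a credential use.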

VirusTotal

65/65 vendors flagged this skill as clean.
