Release Manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent release-management skill whose risky examples are release/runbook templates rather than hidden or automatically executed behavior.

Use this in repositories you control, review generated changelogs and version recommendations before publishing, and require explicit human approval before running any generated release, rollback, database, cache, webhook, or production infrastructure command. Treat the GitHub/Slack examples as optional network integrations and verify what data they send.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium severity, 92% confidence

The README states that the toolkit uses only the Python standard library, but later examples import the third-party requests package and use it to make outbound HTTP calls. This is a supply-chain and transparency issue: an operator may approve or run the skill under a false assumption about its dependencies and network behavior, which matters most in restricted CI/CD pipelines or sensitive repositories. Before installing, compare the README's dependency claim against the imports in its own code examples and against the packages the skill actually pulls in.

Missing User Warnings

Medium severity, 88% confidence

The README includes examples that send repository and release information to the GitHub API and to Slack webhooks without telling users that this data leaves the environment. In a release-management context that data can include version plans, issue metadata, approval states and operational status, which may be sensitive in private repositories or internal environments. Treat each such example as a network integration: read the request bodies before enabling it and confirm the destination (a Slack webhook URL is itself a credential and should be stored as a secret).

Vague Triggers

Medium severity, 92% confidence

The rollback section gives concrete operational commands (traffic switching, feature disabling, database rollback, Redis FLUSHALL) but no preconditions, approval requirements, environment scoping or "do not use when" guidance. In an agent-skill context that makes it easier for an automated system or an operator to run destructive rollback steps prematurely or in the wrong scenario, causing avoidable outage, data loss or broad service disruption. Note that FLUSHALL removes every key from every database on the Redis instance, not just the release's cache entries, so it should never appear in a runbook without an explicit scope and sign-off.
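One way to give those commands the preconditions the finding says are missing, as an added example that is not the skill's own code: each runbook step is scoped to one environment, destructive commands are recognized by pattern, and a step runs only when the target environment is in scope and a named human approver is recorded; with no executor supplied the runner is a dry run. The DESTRUCTIVE_PATTERNS list, the step names, the feature-flags command and the RUNBOOK contents are constructed for this example.

```python
"""Added example, not the Release Manager skill's own code: an approval gate
for rollback runbooks. Every step is scoped to one environment; steps whose
command matches a destructive pattern need a named approver; the default
mode is a dry run that only reports what would happen."""
import re
import shlex
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Commands that lose data or move traffic. Assumed patterns for this example;
# tune them to the tools your runbook actually invokes.
DESTRUCTIVE_PATTERNS = [
    re.compile(r"\bredis-cli\b.*\bFLUSH(ALL|DB)\b", re.I),
    re.compile(r"\b(DROP|TRUNCATE)\s+(TABLE|DATABASE)\b", re.I),
    re.compile(r"\b(downgrade|db:rollback|migrate\s+down)\b", re.I),
    re.compile(r"\bkubectl\b.*(\bdelete\b|--replicas=0)", re.I),
    re.compile(r"\bterraform\s+(destroy|apply)\b", re.I),
]

@dataclass(frozen=True)
class Step:
    name: str
    command: str
    environment: str                    # the only environment this step targets
    approved_by: Optional[str] = None   # human who signed off; None = nobody

@dataclass(frozen=True)
class Decision:
    step: str
    action: str    # "run", "dry-run" or "blocked"
    reason: str

def is_destructive(command: str) -> bool:
    return any(p.search(command) for p in DESTRUCTIVE_PATTERNS)

def evaluate(step: Step, target_env: str, allowed_envs: frozenset) -> Decision:
    """Preconditions for one step: right environment, environment in scope,
    and a named approver for anything destructive."""
    if step.environment != target_env:
        return Decision(step.name, "blocked",
                        f"scoped to {step.environment}, target is {target_env}")
    if target_env not in allowed_envs:
        return Decision(step.name, "blocked", f"{target_env} not in allowed environments")
    if is_destructive(step.command):
        if not step.approved_by:
            return Decision(step.name, "blocked", "destructive command with no named approver")
        return Decision(step.name, "run", f"destructive, approved by {step.approved_by}")
    return Decision(step.name, "run", "non-destructive")

def plan_rollback(steps: Iterable[Step], target_env: str, allowed_envs: frozenset,
                  execute: Optional[Callable[[list], object]] = None) -> list:
    """Walk the runbook in order and stop at the first blocked step. With no
    execute callable this is a dry run; pass e.g. subprocess.run to execute."""
    decisions = []
    for step in steps:
        d = evaluate(step, target_env, allowed_envs)
        if d.action == "run" and execute is None:
            d = Decision(d.step, "dry-run", d.reason)
        decisions.append(d)
        if d.action == "blocked":
            break                                   # never skip past a refusal
        if d.action == "run":
            execute(shlex.split(step.command))      # argv list, no shell interpretation
    return decisions

# Constructed runbook mirroring the finding: traffic switch, feature disable,
# database rollback and a Redis FLUSHALL, with only the schema step approved.
RUNBOOK = [
    Step("switch traffic to previous release", "kubectl -n shop rollout undo deploy/web", "prod"),
    Step("disable new checkout flag", "feature-flags set checkout_v2 off", "prod"),
    Step("roll back schema", "alembic downgrade -1", "prod", approved_by="oncall-dba"),
    Step("clear cache", "redis-cli -h cache.internal FLUSHALL", "prod"),
]

if __name__ == "__main__":
    for d in plan_rollback(RUNBOOK, "prod", frozenset({"staging", "prod"})):
        print(f"{d.action:8} {d.step}: {d.reason}")
```

The ordering matters: the runner stops at the first blocked step rather than skipping it, because a later step (flushing the cache) may only be safe after an earlier one (the schema rollback) has actually happened. The approver field is a record, not authentication; in a real pipeline it would be populated from the approval system rather than typed into the runbook.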

VirusTotal

65/65 vendors reported this skill as clean (no detections). A clean antivirus result says nothing about the instruction-level issues listed above: those findings concern what the skill's text tells an agent or operator to do, which signature and heuristic malware engines are not designed to assess.