GitHub 项目分析助手 (GitHub Project Analysis Assistant)

Security checks across malware telemetry and agentic risk

Overview

This skill searches and analyzes GitHub repositories and downloads code archives only after user confirmation; the scan found no evidence of hidden execution, persistence, or exfiltration.

Install only if you are comfortable with the skill contacting GitHub, using GITHUB_TOKEN from the environment when present, and saving selected repository zip files locally after approval. Prefer a fine-grained, read-only token scoped to the repositories you actually need, unset it when the skill is not in use, and treat downloaded repositories as untrusted code until you have reviewed them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill explicitly instructs the agent to run Python scripts that make network requests and read environment variables, but the skill metadata does not declare the corresponding permissions (network egress, environment read). This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can reach external services and read local credentials such as GITHUB_TOKEN.

Context-Inappropriate Capability

Severity: Low
Confidence: 80%
Finding: The script reads a GitHub token from the environment even though public repository metadata and ZIP downloads generally do not require authentication. In an agent-skill context, unnecessary credential access widens the trust boundary and increases the chance of accidental token exposure through logs, error messages, headers reused for other hosts, or future code changes.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding: The README explicitly promotes downloading third-party code packages from GitHub but gives no safety guidance about treating those repositories as untrusted content. In this skill context, users are guided from discovery directly to code acquisition, which increases the chance they will execute or import malicious code from highly ranked but unsafe repositories.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill states that it will automatically use the GITHUB_TOKEN environment variable if present, without explicit user notice or consent at the point of use. Even if the token is intended only for GitHub API authentication, silent credential consumption is risky because it normalizes undisclosed access to secrets and could allow the token to be sent to services other than the GitHub API.
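The three credential and untrusted-code findings above describe controls without showing them. The following is an added example, not code from the skill or from SkillSpector, of how a skill's fetch script can implement those controls: GITHUB_TOKEN is consumed only after an explicit opt-in (the GITHUB_SKILL_USE_TOKEN variable is a hypothetical convention for this example), the token is attached only to api.github.com requests and never to the archive download host, it is scrubbed from error text before that text can reach a log or the agent transcript, and the downloaded ZIP is audited for path-traversal entries and install-time hooks before anything is extracted or imported. The archive is constructed in memory and the repository URLs are illustrative, so the example runs offline.

```python
import io
import posixpath
import zipfile
from typing import Callable, Dict, List, Optional

OPT_IN_VAR = "GITHUB_SKILL_USE_TOKEN"   # hypothetical explicit-consent switch for this example
API_BASE = "https://api.github.com"     # the only host a token may ever be sent to


def resolve_token(env: Dict[str, str], on_notice: Callable[[str], None]) -> Optional[str]:
    """Return GITHUB_TOKEN only if the user opted in; otherwise say it is being ignored.

    Public repo metadata and ZIP downloads work unauthenticated, so the default
    is to leave the token alone even when it is present in the environment.
    """
    token = env.get("GITHUB_TOKEN")
    if not token:
        return None
    if env.get(OPT_IN_VAR) != "1":
        on_notice(f"GITHUB_TOKEN is set but will not be used; export {OPT_IN_VAR}=1 to opt in.")
        return None
    on_notice("Using GITHUB_TOKEN from the environment for api.github.com requests only.")
    return token


def build_headers(token: Optional[str], url: str) -> Dict[str, str]:
    """Headers for one request; Authorization is added only for API_BASE URLs."""
    headers = {"Accept": "application/vnd.github+json", "User-Agent": "gh-skill-example"}
    if token and url.startswith(API_BASE + "/"):
        headers["Authorization"] = f"Bearer {token}"
    return headers


def redact(text: str, token: Optional[str]) -> str:
    """Scrub the token from error text before it is logged or shown to the agent."""
    return text.replace(token, "[REDACTED]") if token else text


def audit_zip(data: bytes) -> Dict[str, List[str]]:
    """Inspect a repository ZIP without extracting or executing anything.

    Flags entries that would escape the extraction directory (zip-slip) and
    lists install-time hooks a reviewer should read before importing the code.
    """
    report: Dict[str, List[str]] = {"members": [], "unsafe_paths": [], "review_first": []}
    hooks = {"setup.py", "package.json", "makefile", "install.sh", "postinstall.js"}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            report["members"].append(name)
            norm = posixpath.normpath(name)
            escapes = name.startswith("/") or norm == ".." or norm.startswith("../")
            if escapes or "\\" in name or ":" in name:   # also reject Windows-style absolute paths
                report["unsafe_paths"].append(name)
            elif posixpath.basename(name).lower() in hooks:
                report["review_first"].append(name)
    return report


def build_sample_archive() -> bytes:
    """Constructed sample (not real data): a small repo plus one path-traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-repo-main/README.md", "# demo\n")
        zf.writestr("demo-repo-main/setup.py", "import os\n")
        zf.writestr("demo-repo-main/../../.bashrc", "echo pwned\n")   # zip-slip entry
    return buf.getvalue()


def run_demo(env: Dict[str, str]) -> Dict[str, object]:
    """Run the whole flow against a given environment and return what a caller would see."""
    notices: List[str] = []
    token = resolve_token(env, notices.append)
    api_url = f"{API_BASE}/repos/octocat/Hello-World"                      # illustrative
    zip_url = "https://codeload.github.com/octocat/Hello-World/zip/refs/heads/master"
    return {
        "token_used": token is not None,
        "notices": notices,
        "api_headers": build_headers(token, api_url),
        "zip_headers": build_headers(token, zip_url),   # must never carry the token
        "failure": redact(f"HTTP 401 while using token {token}", token),
        "report": audit_zip(build_sample_archive()),
    }


if __name__ == "__main__":
    for label, env in (("default", {"GITHUB_TOKEN": "ghp_constructed"}),
                       ("opted in", {"GITHUB_TOKEN": "ghp_constructed", OPT_IN_VAR: "1"})):
        out = run_demo(env)
        print(label, out["token_used"], out["api_headers"].get("Authorization"), out["failure"])
    print(audit_zip(build_sample_archive()))
```

The audit deliberately refuses to extract: a reviewer gets the member list, the entries that would write outside the target directory, and the files that run code at install time, and decides from there. Note that a token present in the environment produces a visible notice even when it is not used, which is the point-of-use disclosure the last finding asks for.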

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal