DevOps Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it should be reviewed because it can monitor broad developer systems, post notifications, update tickets, run scheduled checks, and persist team mappings with limited safeguards.

Install only if you are comfortable granting an agent access to developer tools and team channels. Limit it to specific repositories, projects, and channels; use least-privilege credentials; require approval before ticket updates, comments, CI reruns, merges, or outbound messages; and periodically review stored workspace memory and any cron schedules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill advertises activation whenever the user mentions GitHub and Slack, or any two dev tools together, which is far broader than a narrowly scoped intent trigger. In practice this can cause the skill to engage on incidental conversations and pull in cross-tool context or perform actions the user did not explicitly request, increasing the chance of unintended data access or message delivery.

Vague Triggers

Medium
Confidence: 95%
Finding
The description says the skill should connect tools for virtually any request involving development systems, which creates an overly permissive invocation boundary. Because this skill spans GitHub, messaging platforms, and issue trackers, accidental activation could expose repository state, team identity mappings, or send notifications into external channels without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs storing repository scope, notification destinations, reminder policy, and GitHub-to-Slack/Discord identity mappings in persistent workspace memory, but provides no retention, minimization, or consent guidance. That creates privacy and governance risk because team identity data and repository-monitoring preferences may persist longer than expected and be reused in later contexts.

VirusTotal

66/66 vendors flagged this skill as clean.
