Jules API

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward helper for the Google Jules API. Its ability to change connected repositories is disclosed, and that power is the reason it should be used with care.

Install only if you are comfortable giving this skill a Jules API key tied to your connected GitHub repositories. Prefer plan approval for important repos, review generated plans and diffs before accepting changes, avoid AUTO_CREATE_PR unless you intentionally want autonomous pull requests, and verify session IDs before deleting sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings (Medium, 93% confidence)

The skill documents an AUTO_CREATE_PR workflow that can autonomously modify connected repositories and open pull requests, but it does not prominently warn users about the consequences. In this context, omission of that warning is dangerous because the tool operates on real GitHub repos and may cause unintended code changes, workflow noise, or unsafe commits at scale.

Missing User Warnings (Medium, 89% confidence)

The delete-session operation is presented without any warning that removal may be irreversible and may erase access to session history, activities, or artifacts. That increases the risk of accidental destructive use, especially in an operational tool intended to manage long-running coding sessions.

Missing User Warnings (Medium, 92% confidence)

The delete subcommand issues an irreversible DELETE request immediately with no confirmation prompt, dry-run mode, or explicit warning. In a CLI that manages remote AI coding sessions, this increases the chance of accidental destructive actions from mistyped IDs, copied commands, or automation mistakes, even though it is not inherently malicious.
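The Overview's guidance (prefer plan approval, avoid AUTO_CREATE_PR unless intended, verify session IDs before deleting) and the three findings above all point at the same missing guard rails. The following is an added example of how a helper could build those guard rails in; it is not the skill's own code and not an official Google client. The base URL, the `sessions` resource paths, the `X-Goog-Api-Key` header, the session-id pattern and the request field names (`sourceContext`, `requirePlanApproval`, `automationMode`) are assumptions about the Jules API and should be checked against the official reference before use.

```python
"""Guard rails for a Jules-style session helper.

Added example for this page, not the skill's code and not an official
Google client. BASE_URL, the resource paths, the X-Goog-Api-Key header,
SESSION_ID_RE and the request field names are assumptions about the
Jules API; confirm them against the official reference.
"""
import json
import re
import urllib.request
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BASE_URL = "https://jules.googleapis.com/v1alpha"      # assumed
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{8,64}")     # assumed id shape; tighten to the real one


@dataclass
class PlannedRequest:
    """What the CLI is about to do, returned before anything is sent."""
    method: str
    url: str
    body: Optional[Dict] = None
    warnings: List[str] = field(default_factory=list)
    dry_run: bool = False


def plan_create_session(prompt: str, source: str, branch: str = "main",
                        auto_create_pr: bool = False,
                        require_plan_approval: bool = True) -> PlannedRequest:
    """Safe defaults: plan approval on, no autonomous PRs unless asked for."""
    body = {
        "prompt": prompt,
        "sourceContext": {"source": source,
                          "githubRepoContext": {"startingBranch": branch}},
        "requirePlanApproval": require_plan_approval,
    }
    warnings = []
    if auto_create_pr:
        body["automationMode"] = "AUTO_CREATE_PR"
        warnings.append(f"AUTO_CREATE_PR: Jules may open pull requests on {source} "
                        "without a human reviewing the diff first")
    if not require_plan_approval:
        warnings.append("plan approval disabled: code changes start without a plan to review")
    return PlannedRequest("POST", f"{BASE_URL}/sessions", body, warnings)


def plan_delete_session(session_id: str, confirm: Optional[str] = None,
                        dry_run: bool = False) -> PlannedRequest:
    """Refuse to delete unless the caller re-types the exact session id.

    Rejects malformed ids (typos, pasted garbage) up front, offers a dry run
    that shows the request without sending it, and labels deletion as
    irreversible in the returned warnings.
    """
    if not SESSION_ID_RE.fullmatch(session_id):
        raise ValueError(f"session id {session_id!r} does not look like a session id")
    req = PlannedRequest("DELETE", f"{BASE_URL}/sessions/{session_id}",
                         warnings=["deletion is irreversible: session history, "
                                   "activities and artifacts are removed"],
                         dry_run=dry_run)
    if dry_run:
        return req
    if confirm != session_id:
        raise PermissionError("refusing to delete: pass confirm=<session id> to acknowledge")
    return req


def send(req: PlannedRequest, api_key: str) -> bytes:
    """Send a planned request; refuses dry-run requests by construction."""
    if req.dry_run:
        raise RuntimeError("dry-run requests are not sent")
    data = json.dumps(req.body).encode() if req.body is not None else None
    http_req = urllib.request.Request(
        req.url, data=data, method=req.method,
        headers={"X-Goog-Api-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(http_req, timeout=30) as resp:
        return resp.read()


if __name__ == "__main__":
    # Exercises the guard rails offline; nothing is sent.
    create = plan_create_session("fix flaky test", "sources/github/acme/widgets",
                                 auto_create_pr=True)
    print(create.body, create.warnings)
    preview = plan_delete_session("sess_0123456789", dry_run=True)
    print(preview.method, preview.url, preview.warnings)
    try:
        plan_delete_session("sess_0123456789")   # no confirmation given: refused
    except PermissionError as exc:
        print(exc)
```

The point of the split between `plan_*` and `send` is that every destructive or autonomous action is first materialised as a value the caller (or a test) can inspect: the warnings are attached to the request rather than printed and forgotten, a dry run never reaches `send`, and the delete path requires the exact id to be repeated so a mistyped or copied id fails closed.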

VirusTotal

64/64 vendors flagged this skill as clean.
