Nm Sanctum Do Issue

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches an issue-automation purpose, but it also tells agents to post tooling feedback to an unrelated GitHub Discussions repo without an explicit user approval gate.

Install only if you want an agent to automate issue implementation with GitHub/GitLab CLI access and subagents. Before use, disable or require confirmation for the external night-market feedback step, review proposed issue comments and closures before they are posted, and avoid broad automatic activation in sensitive repositories.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Context-Inappropriate Capability

Medium, 94% confidence
Finding
The skill instructs the agent to post workflow/tooling reflections to an external GitHub repository unrelated to the user's current repo or issue. This creates an unintended cross-boundary data exfiltration path: internal repo details, operational metadata, or sensitive context could be disclosed to a third-party destination without explicit user approval.

Vague Triggers

Medium, 89% confidence
Finding
The trigger list includes broad terms like "github," "gitlab," "issues," and "automation," which are likely to appear in many ordinary conversations. In an agent environment, this can cause unintended skill activation, leading the agent to fetch issue data, invoke external CLIs, or start parallel subagents in contexts where the user did not explicitly request this workflow.

Missing User Warnings

Low, 86% confidence
Finding
The skill includes commands that comment on and optionally close GitHub issues, which modifies remote repository state. While this is aligned with issue automation, the instructions do not require an explicit confirmation or warning before performing these side effects, increasing the risk of unintended issue updates or premature closure.

VirusTotal

64/64 vendors flagged this skill as clean.