GitCode Release Notes

Security checks across malware telemetry and agentic risk

Overview

This skill transparently uses a GitCode read token to fetch commit history and generate release notes, with no evidence of hidden persistence, mutation, or unrelated data access.

Install only if you are comfortable letting the skill read GitCode commit history available to your token. Use a revocable read-only GITCODE_TOKEN, run it only for intended repositories and ranges, and review generated release notes before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    if sys.platform != "win32":
        return None
    try:
        out = subprocess.check_output(
            [
                "powershell",
                "-NoProfile",
Confidence
89% confidence
Finding
out = subprocess.check_output( [ "powershell", "-NoProfile", "-Command", "[Environment]::GetEnvironmentVariable('GIT

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly directs use of environment variables, network access to the GitCode API, and shell execution of a Python script, but the skill manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an agent or platform may execute privileged actions the user did not clearly authorize, including sending repository identifiers and token-backed API requests to an external service.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Reading user/system-level environment variables via a spawned PowerShell process exceeds the minimum capability needed to generate release notes. In an agent setting, this broadens secret access beyond explicit user input and may bypass expectations that the skill only uses the current execution environment.
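To make concrete what the subprocess finding and this capability finding amount to, here is an added example that is neither SkillSpector's code nor the skill's own. It is a small Python AST check that flags subprocess spawns (the "subprocess module call" finding) and, on top of that, flags a spawn that reads environment variables through PowerShell (the "Context-Inappropriate Capability" finding). It runs over two constructed snippets: the flagged one only approximates the truncated snippet in the report (the full PowerShell command text is an assumption made for the example), and the hardened one reads nothing but the environment the process inherited, which is the least-privilege alternative the finding implies.

```python
"""Added example: an AST check for the patterns flagged in the report above.

Not SkillSpector's code and not the skill's code. The two sample snippets
below are constructed for this example; the PowerShell one approximates
the truncated snippet on the page (its full command text is an assumption).
"""
import ast

# subprocess entry points that spawn a new process
SPAWN_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}
# argument literals that mean the child process is a shell
SHELLS = {"powershell", "pwsh", "cmd", "cmd.exe", "sh", "bash"}
# substrings that indicate the child is being used to read env vars
ENV_READ_MARKERS = ("GetEnvironmentVariable", "[Environment]::", "$env:")


def _callee_name(call: ast.Call) -> str:
    """'pkg.func' for pkg.func(...), 'func' for func(...), '' otherwise."""
    func = call.func
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    if isinstance(func, ast.Name):
        return func.id
    return ""


def _string_args(call: ast.Call):
    """Every string literal nested anywhere in the call's arguments."""
    for arg in list(call.args) + [kw.value for kw in call.keywords]:
        for child in ast.walk(arg):
            if isinstance(child, ast.Constant) and isinstance(child.value, str):
                yield child.value


def scan_source(source: str):
    """Return a list of (lineno, category, detail) findings for one module."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node)
        if name in ("eval", "exec"):
            findings.append((node.lineno, "Dangerous Code Execution", f"{name}() call"))
        elif name in ("__import__", "importlib.import_module"):
            findings.append((node.lineno, "Dangerous Code Execution", "dynamic import"))
        elif name.startswith("subprocess.") and name.split(".", 1)[1] in SPAWN_FUNCS:
            findings.append((node.lineno, "Dangerous Code Execution", "subprocess module call"))
            literals = list(_string_args(node))
            spawns_shell = any(s.lower() in SHELLS for s in literals)
            reads_env = any(m in s for s in literals for m in ENV_READ_MARKERS)
            if spawns_shell and reads_env:
                # A shell spawned only to read env vars reaches user/system
                # scope, beyond what the current process was given.
                findings.append((node.lineno, "Context-Inappropriate Capability",
                                 "environment variables read through a spawned shell"))
    return findings


# Constructed sample approximating the flagged snippet (assumed command text).
FLAGGED_SAMPLE = '''
import subprocess
import sys

def user_scope_token():
    if sys.platform != "win32":
        return None
    out = subprocess.check_output(
        ["powershell", "-NoProfile", "-Command",
         "[Environment]::GetEnvironmentVariable('GITCODE_TOKEN', 'User')"],
    )
    return out.decode().strip() or None
'''

# Constructed least-privilege alternative: only the inherited process
# environment is consulted, so no child process and no user/system scope.
HARDENED_SAMPLE = '''
import os

def process_env_token():
    return os.environ.get("GITCODE_TOKEN")
'''

if __name__ == "__main__":
    for label, src in (("flagged", FLAGGED_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, scan_source(src) or "no findings")
```

Run the file directly to print the findings for both samples; the hardened sample produces none, which is the behaviour a manifest that declares only process-environment access can be held to.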

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal