ClawHub

GitCode PR comment fix

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated GitCode PR workflow, but it gives unsafe options for supplying a repository access token.

Review before installing. Use a minimally scoped GitCode token, provide it only through a protected environment variable or secret manager, do not paste it into chat or pass it as --token, and confirm each reply or resolve action before allowing the skill to modify remote PR discussion state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly instructs use of sensitive capabilities: reading an environment token, calling a remote GitCode API, writing JSON context to disk, and invoking shell/Python commands, yet it does not declare explicit permissions beyond metadata requirements. Undeclared capability use weakens policy enforcement and user awareness, making it easier for an agent to access network, filesystem, or shell functionality without transparent consent boundaries.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation allows users to provide GITCODE_TOKEN in chat or via a CLI flag, both of which increase the chance the secret is exposed in conversation history, logs, shell history, process listings, or telemetry. Because this skill performs authenticated remote actions against PR discussions, compromise of the token could allow unauthorized API access and repository-side actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal