Back to skill

Security audit

ClawHub Push Skill

Security checks across malware telemetry and agentic risk

Overview

This is a ClawHub publishing helper that uses your local ClawHub token to upload chosen skill files, which is sensitive but matches its stated purpose.

Install only if you intend to publish skills to ClawHub from this machine. Before running it, inspect the target skill directory for secrets such as .env files, keys, private notes, or build artifacts, and be careful with batch mode because it can attempt to publish multiple skill directories without asking for confirmation for each one.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script reads an authentication token directly from user home-directory config locations without any explicit consent prompt or clear disclosure in the declared skill behavior. Even though this is functionally related to publishing, accessing local credentials is sensitive because a user may not expect a third-party skill to harvest auth material from disk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly advertises automatic handling of `acceptLicenseTerms`, which can normalize silent acceptance of legal terms without ensuring the user has reviewed or consented to them. In a publishing skill that submits content to a registry, this increases the risk of unauthorized or uninformed acceptance of binding license obligations.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README describes use of bearer tokens and token file locations but provides no warning about the sensitivity of those credentials or the security implications of transmitting them to the registry. This can lead users to mishandle long-lived authentication tokens, increasing the chance of credential disclosure or misuse in automated workflows.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill promotes one-click push behavior while omitting an explicit warning that it will read local authentication tokens and upload local skill contents to a remote registry. That omission can lead users to disclose sensitive source files, metadata, or credentials-derived access unintentionally, especially in batch mode where many files may be transmitted.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill loads a local authentication token and then recursively uploads all files in the target skill directory to a remote service, with only minimal exclusions and no explicit warning about what data will be transmitted. This creates a real risk of unintentionally exfiltrating secrets, private source files, or other sensitive content bundled in the directory.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
push.js:17

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
push.js:50