Gemini CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Gemini CLI helper, but users should understand that selected files and prompts may be sent to Google's Gemini service.

Install only if you are comfortable using Google's Gemini CLI and sending the specific files or prompts you select to Gemini. Use a scoped API key, avoid putting keys directly on the command line or in synced shell profiles, and run batch or context commands only on intended directories without secrets, customer data, or regulated content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill claims the tool 'does NOT modify your system beyond running commands,' but later documents workflows that write files such as generated apps, batch outputs, redirected reviews, and loop-produced docs. This mismatch can mislead users and higher-level agents about the side effects of invoking the tool, increasing the risk of unintended file creation or overwriting in the local workspace.

Vague Triggers

Medium
Confidence: 83%
Finding
The invocation guidance is overly broad, covering many common development tasks without clear boundaries for when this skill should or should not be activated. In an agentic environment, that ambiguity can cause over-selection of a networked external AI tool, increasing unnecessary exposure of code, documents, and prompts to a third-party service.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill repeatedly encourages sending codebases, images, PDFs, and prompts to Gemini, but it does not present a prominent user-facing warning that this content leaves the local environment and is transmitted to Google's service. Because this tool is specifically used on potentially sensitive developer assets, inadequate disclosure materially increases the chance of confidential data exfiltration or policy violations.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation includes examples that place API keys directly on the command line, such as inline environment assignments and a `--api-key` flag, without warning that these values may be exposed through shell history, process listings, terminal logs, or CI job output. In a security-sensitive CLI, normalizing this usage increases the chance that users will leak long-lived credentials unintentionally.

Missing User Warnings

Medium
Confidence: 93%
Finding
The command reference repeatedly encourages passing local files and directories with `--context`, `--review`, `--explain`, `--from-image`, and `--from-pdf` but does not warn that the contents may be transmitted to an external AI service for processing. In this skill context, users are likely to point the tool at source trees, patches, specs, screenshots, or PDFs that may contain proprietary code, credentials, personal data, or regulated information.

Missing User Warnings

Medium
Confidence: 92%
Finding
The examples repeatedly send local source code, screenshots, PDFs, stack traces, and other project artifacts to an external AI service, but they do not warn users about possible disclosure of secrets, proprietary code, personal data, or regulated information. In a CLI skill specifically designed to operate on codebases and documents, this omission increases the likelihood of unintentional data exfiltration through normal use.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script uploads a user-supplied image or PDF to the external Gemini service via `gemini create` without any explicit warning, confirmation, or data sensitivity check. Design files and PDFs often contain proprietary source material, credentials, internal architecture, or regulated data, so silent transmission to a third-party AI service can cause unintended data exposure.

VirusTotal

63/63 vendors flagged this skill as clean.