Git Workflow

Security checks across malware telemetry and agentic risk

Overview

This Git automation skill is not malware, but it needs review because it can automatically stage, commit, and push repository changes without clear approval safeguards.

Install only if you want an agent to manage Git commits and pushes. Before use, require it to show `git status`, relevant diffs, exact staged files, generated commit message, target branch, and remote URL; avoid `git add .` in sensitive repositories and do not allow automatic push without explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises automatic detection, commit-message generation, and automatic push to remote repositories without warning about the risks of publishing unreviewed changes. In a Git workflow context, this can expose secrets, proprietary files, or unintended modifications to remote systems, especially if the skill is invoked broadly.

Missing User Warnings

Medium
Confidence: 97%
Finding
Using 'git add .' and then 'git push' without requiring review of staged content or the remote destination is dangerous because it can unintentionally include sensitive files, generated artifacts, credentials, or unrelated local changes. In a skill meant to automate Git actions, this materially increases the chance of unauthorized or irreversible publication.

Missing User Warnings

High
Confidence: 98%
Finding
The example instructs automatic commit and push immediately after an analysis task completes, with no human review or confirmation before remote publication. This is especially risky because generated outputs may contain sensitive data, incorrect results, or files from the wrong repository, and the trigger is vague enough to fire unexpectedly.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger is simply "git", which is so broad that the skill may activate during ordinary discussion about Git rather than an explicit request to perform repository actions. In this skill, accidental activation is more dangerous because the documented workflow includes staging all changes and pushing to a remote, which could cause unintended repository modifications or disclosure of local work.

Missing User Warnings

High
Confidence: 96%
Finding
The skill advertises automatic detection, commit-message generation, and automatic push without warning the user that it may stage and transmit changes to a remote repository. In context, this is particularly risky because the workflow explicitly uses `git add .` and `git push`, which can include unintended files, secrets, or unfinished work and send them off-host without a deliberate review step.

Vague Triggers

Medium
Confidence: 89%
Finding
The manifest describes broad Git automation such as automatic commit, push, and multi-repository management without clearly constraining when those actions are allowed or what repositories are in scope. In a skill with exec/write/read permissions, ambiguous triggers increase the chance of unintended repository modification or data transmission, especially if invoked from loosely related user requests.

Missing User Warnings

Medium
Confidence: 95%
Finding
The manifest explicitly advertises automatic commit and remote push behavior but does not warn that the skill can modify local repositories and transmit content to remote servers. Because pushing can exfiltrate sensitive code, secrets, or internal documents, omission of an explicit disclosure and confirmation step creates a meaningful security risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The example normalizes a workflow where the skill automatically commits changes and pushes them to a remote without any visible confirmation, review step, or safety disclosure. Examples shape agent behavior and user expectations, so presenting silent push behavior makes accidental publication of proprietary or sensitive material more likely.

VirusTotal

63/63 vendors flagged this skill as clean.
