Git Batch Commit

Security checks across malware telemetry and agentic risk

Overview

This Git commit helper is not overtly malicious, but it includes ClawHub publishing and sync-state changes that go beyond ordinary commit creation.

Install only if you want a commit helper that may also prompt for ClawHub skill publication when a `skills/clawhub-sync/` workflow is present. Do not approve sync or publish prompts unless you have inspected the publish directory, confirmed no secrets or private files are included, and intentionally want the allowlist and sync records changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
This referenced workflow materially expands a commit-only skill into post-commit publication behavior, including external ClawHub publishing and metadata mutation. That creates a scope mismatch: a user invoking a Git commit helper could unintentionally trigger software distribution and repository state changes unrelated to the requested commit task.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The file instructs the agent to run an external publication command (`clawhub publish`) after a Git commit, which is outside the advertised commit-splitting purpose. Even though it targets a specific path, this still enables unintended package publication, possible disclosure of repository content, and supply-chain impact if a user did not explicitly request release/distribution actions.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
These instructions direct modification of `sync-allowlist.yaml` and related sync metadata, which changes release policy/state beyond the justified role of a commit helper. Altering allowlists can silently authorize future publication flows, so the risk persists beyond the immediate commit and can surprise maintainers later.

VirusTotal

60/60 vendors flagged this skill as clean.
