Git Repo Cleaner

Security checks across malware telemetry and agentic risk

Overview

This Git cleanup skill is mostly purpose-aligned, but its generated cleanup script can delete branches and is unsafe to run on untrusted repositories without careful review.

Install only if you want a local Git repository audit tool and are comfortable reviewing generated shell scripts. Run audits on repositories you choose explicitly, treat `--fix` output as a draft, avoid `--force-delete` unless branches are backed up or disposable, and do not run generated scripts from untrusted repositories without manually checking every command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill advertises and instructs use of file reads and shell commands against an arbitrary repository path, but does not declare permissions. Undeclared capabilities reduce transparency and policy enforcement, which can let a broadly-invoked skill access local files or run repository-inspection commands without explicit user or platform consent boundaries.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding: The trigger phrases are broad and include common terms like "clean up repo," "repo maintenance," and "git audit," which can cause the skill to activate in situations the user did not specifically intend. Because the skill leads to shell-based repository inspection and cleanup-script generation, overbroad invocation increases the chance of unintended access to project data or unsafe maintenance guidance.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The status file advertises cleanup script generation with both safe deletion and a force-delete option, but it does not explicitly warn that these actions can permanently remove branches or alter repository state. In a skill intended for repository maintenance, users may treat generated commands as routine and execute them without understanding the destructive consequences, increasing the chance of accidental data loss.

VirusTotal

66/66 vendors flagged this skill as clean.
