Gitlab CI Linter

Security checks across malware telemetry and agentic risk

Overview

This GitLab CI linting skill appears useful, but it should be reviewed because it can inspect many unrelated YAML files when given a directory.

Before installing, check whether directory mode is opt-in and whether it limits itself to .gitlab-ci.yml or explicitly included CI files. Avoid running it on broad repository roots that contain Kubernetes secrets, app configs, or other sensitive YAML unless you intend those files to be read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises execution of a bundled Python script that reads user-supplied files and directories, and the static analyzer also detected network-capable code, yet the manifest declares no permissions. Undeclared sensitive capabilities are dangerous because they prevent informed consent and review; if the script performs remote calls or scans broad paths, it could expose repository contents or send pipeline data off-host unexpectedly.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The tool’s advertised scope is GitLab CI pipeline linting, but `find_pipeline_files()` recursively processes every `.yml` and `.yaml` file under the supplied path. In an agent context, this can cause the skill to inspect unrelated configuration files, secrets manifests, Kubernetes specs, or application configs, violating least surprise and potentially exposing sensitive data in lint output or causing broad unintended file access.

VirusTotal

66/66 vendors flagged this skill as clean.
