gemini-file

Security checks across malware telemetry and agentic risk

Overview

This Gemini CLI wrapper is mostly coherent, but its file-output helper can write or overwrite files outside the advertised output folder.

Review this before installing if you expect strict file containment. Use the default output location, avoid passing absolute paths or traversal-like filenames, do not use it for sensitive prompts unless you want saved local output, and confirm which Gemini account the local CLI is logged into.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium, 84% confidence
Finding
The skill persists model output to disk, which can create unintended data retention of sensitive prompts or generated content. In an agent context, this is more dangerous because model outputs may contain secrets, personal data, or task artifacts that users expect to remain ephemeral.

Missing User Warnings

Medium, 95% confidence
Finding
The markdown states that output is always written to disk under the skill directory and returned as an absolute path, but it does not clearly warn users about persistent local storage or the privacy implications of saving model output. This is dangerous because prompts or generated content may contain sensitive data, and automatic persistence can leave recoverable artifacts on disk without informed consent.

Missing User Warnings

Medium, 87% confidence
Finding
The script performs a user-influenced file write without any runtime confirmation, warning, or boundary checks on the target filename. Because --output-file is accepted verbatim and joined with a resolved directory, an absolute path or traversal-like input can cause writes outside the intended outputs directory.

VirusTotal

64/64 vendors flagged this skill as clean.
