ClawHub

Peter Pr Ops

Security checks across malware telemetry and agentic risk

Overview

This PR automation skill is not malicious, but it can merge or auto-merge repository changes with broad defaults and limited confirmation guidance.

Install only if you are comfortable letting the agent use your current GitHub CLI account to merge PRs. Require an exact PR list and explicit confirmation before batch mode, auto-merge, running scripts/automerge or scripts/massageprs, invoking ensure-workflow-docs, or modifying docs/SESSION-BOOTSTRAP.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger scope is broad enough to match common requests like merging or cleaning up PRs, which can cause the skill to activate in situations where the user did not explicitly intend to delegate repository-changing automation. In this skill, accidental invocation is more dangerous because the documented actions include merging PRs and updating repository files, both of which have side effects on source control state.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents automatic merge behavior and automatic refresh of docs/SESSION-BOOTSTRAP.md without a clear warning or explicit confirmation step for repository-modifying actions. This is dangerous because the skill can perform irreversible or high-impact operations like enabling auto-merge, merging multiple PRs, or committing file changes based on an ambiguous user request, increasing the chance of unintended changes to the repository.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal