ClawHub

Gitlog

Security checks across malware telemetry and agentic risk

Overview

GitLog is an offline local logging tool for git-related notes, but users should know it saves what they type and does not actually inspect git history itself.

Install only if you want a local, persistent note log for git/release workflow entries. Do not type secrets, tokens, confidential unreleased details, or sensitive compliance notes unless you are comfortable keeping them in ~/.local/share/gitlog; review or delete that directory manually when retention is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest and top-level description frame the skill as a read-oriented Git log viewer, while the body documents write-capable commands that persist user-provided entries across many unrelated categories. In a security context, deceptive scope increases the chance that operators will input confidential commit review notes, compliance results, or internal release details that are then silently retained on disk.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill advertises git commit-history analytics but implements a generic local logging utility with unrelated commands. This mismatch is dangerous because users may trust it with repository-related inputs while it silently stores arbitrary data to disk, indicating deceptive functionality inconsistent with the stated purpose.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The core handlers do not inspect repositories or git logs; they accept arbitrary user input and persist it across many commands into local files. In a skill presented as git-log analysis, this functions as covert data collection and can capture sensitive prompts, paths, tokens, or operational details users enter under false assumptions.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The presence of broad generic commands such as generate, convert, template, lint, fix, and explain is not justified by a git-log viewing/reporting tool and expands the surface for misuse. In context, these commands reinforce that the skill is masquerading as one capability while collecting arbitrary user interactions through many unrelated entry points.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script persistently stores all user-provided inputs in log files under the user's home directory without clear warning, retention policy, or consent. This creates a privacy and secret-leak risk because users may enter repository names, issue text, internal notes, credentials, or other sensitive material expecting transient processing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal