Git Sentinel

Security checks across malware telemetry and agentic risk

Overview

Git Sentinel largely matches its code-review purpose, but this release exposes a bundled ClawHub token and can read arbitrary local file paths into the agent review context.

Review: use caution. Do not install this version unless the publisher removes and revokes the bundled ClawHub token and narrows file handling to explicit, repo-contained paths. If used anyway, run it only on files you intentionally want shown to the agent and avoid repositories containing secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The skill can be invoked by broad phrases like "code review, check, or audit" without clear scoping, which increases the chance of unintended activation. Because the skill then instructs the agent to run a local script that reads staged changes or arbitrary files from the repository, ambiguous triggering can cause over-broad access to sensitive code or secrets during ordinary conversations.

Vague Triggers

Severity: Low
Confidence: 98%
Finding:
The root package declares a devDependency as "latest", which makes builds and skill activation non-deterministic and allows future upstream releases to change installed behavior without a code change in this repository. In a security-sensitive agent skill, that increases supply-chain risk because a compromised or malicious newly published version could be pulled during install and execute package lifecycle scripts or alter tooling behavior.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The script prints the full constructed review prompt, including the contents of all staged or targeted files, directly to stdout. In CI logs, terminal scrollback, shell history capture, or shared developer environments, this can expose source code, secrets, credentials, or proprietary data to unintended viewers.

VirusTotal

66/66 vendors flagged this skill as clean.
