Build Transparency Dashboard

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it asks for broad GitHub token access and automatically publishes private-repo activity to a public site.

Review carefully before installing. Use a fine-grained GitHub token or GitHub App limited to the destination public site repo with only contents read/write, remove the hourly schedule if unnecessary, sanitize or disable public commit messages, and add rate limiting, moderation, storage limits, and a specific CORS origin before enabling the ideas API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly automates publishing commit-derived metadata from a private repository to a public site, but it does not prominently warn users that commit messages, timestamps, and activity levels can disclose sensitive operational details. In practice, private repo commit messages often contain internal project names, feature details, incident references, or other information that should not be exposed publicly.

Missing User Warnings

Medium
Confidence: 97%
Finding
The guide instructs users to create a classic GitHub Personal Access Token with broad `repo` scope and store it as a secret for automation. That scope grants extensive access to private repositories and is wider than necessary for pushing to a single public repo, so compromise of the secret or workflow could enable unauthorized repository access or modification beyond the intended target.

VirusTotal

63/63 vendors flagged this skill as clean.
