Oss Pilot

Security checks across malware telemetry and agentic risk

Overview

This is a coherent GitHub contribution automation skill, but it can modify local repos and make public GitHub changes from broad status-style prompts.

Install only if you want an agent to actively manage real GitHub contributions. Prefer explicit oss-prefixed commands, verify the authenticated gh account and target repo before use, run unfamiliar repos in a container or VM, review every shell/GitHub action before approval, and periodically inspect ./oss-pilot-data for stored profiles and archived PR context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (96% confidence)
Finding
The trigger list includes broad natural-language phrases such as "find issues," "what should I work on," and "morning check," which can match ordinary user requests and invoke a powerful automation skill unexpectedly. In this skill's context, accidental activation is more dangerous than usual because the system can drive GitHub operations, read repository instructions, and lead to shell-command execution for build/test workflows against untrusted repositories.

Vague Triggers

Medium (94% confidence)
Finding
The skill advertises broad natural-language triggers such as "morning check" and "PR status," which can overlap with ordinary conversation and cause unintended invocation. Because the skill can perform repository and GitHub actions, accidental triggering could lead to unreviewed external side effects like posting comments, pushing fixes, or archiving context files.

Missing User Warnings

Medium (96% confidence)
Finding
The skill directs the agent to automatically take modifying actions such as auto-responding to comments, fixing CI issues, pushing changes, rebasing, updating context files, and moving files to archives, but it does not require explicit user confirmation before doing so. In an agent setting, this creates a real risk of unauthorized local file modification and external GitHub side effects from a routine status-check request.

Vague Triggers

Medium (94% confidence)
Finding
The manifest declares multiple generic trigger phrases such as "find issues", "what should I work on", and "next PR", which can overlap with ordinary user requests outside the intended OSS-contribution workflow. In an agent environment, overly broad invocation phrases can cause the skill to activate unexpectedly and perform repository scanning, GitHub queries, and local workspace inspection in contexts the user did not clearly intend.

Missing User Warnings

Medium (91% confidence)
Finding
The skill directs the agent to run `gh`, `git`, `cat`, and looped shell commands against local repositories and GitHub resources without an explicit safety gate, dry-run step, or user confirmation for environment-impacting actions. In an agent setting, this can lead to unintended repository access, disclosure of local file contents, or execution in the wrong checkout/context, especially because inputs like `<REPO>` and `<LOCAL_PATH>` are interpolated into shell commands.

VirusTotal

62/62 vendors flagged this skill as clean.