GitLab API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GitLab API helper that can read and modify repositories using the user’s GitLab token, with no evidence of hidden exfiltration or automatic execution.

Install only if you want an agent to use your GitLab token for repository operations. Prefer a dedicated least-privilege token, use read-only scopes unless writes are truly needed, protect any token file with restrictive permissions, configure only trusted HTTPS GitLab instances, and manually confirm the target project, branch, path, and commit details before any write or delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly instructs the agent/user to execute shell commands (`mkdir`, `echo`, `curl`, `jq`, `base64`) but does not declare any permissions or constraints for that capability. That mismatch increases the chance of unreviewed command execution, including network access and repository modification, without an explicit trust boundary.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description says to use the skill for 'any other GitLab repository operations,' which is overly broad and can trigger the skill in contexts beyond simple read-only access. In practice, that broad scope includes destructive and privileged actions like writing, deleting files, and branch management, increasing the risk of unintended activation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The markdown provides direct instructions for create, update, and delete repository operations without prominent warnings, guardrails, or confirmation requirements. Because these actions can permanently alter repository contents and history/workflows, omitting warnings materially increases the chance of accidental destructive use.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script can create or modify remote repository files immediately via the GitLab API with no built-in confirmation, dry-run mode, or guardrails. In an agent-skill context, that increases the chance of unintended or prompt-induced writes to a real repository, especially because the script is explicitly designed for autonomous repository operations.

Missing User Warnings

High
Confidence
96% confidence
Finding
The delete operation performs irreversible remote repository deletion without any interactive confirmation or safety check. In an automation/agent setting, a mistaken parameter, malicious prompt injection, or misuse of the skill could remove important files from a repository and commit that deletion upstream.
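The three "Missing User Warnings" findings above all come down to the same gap: the skill drives the GitLab Commits API (POST /projects/:id/repository/commits) with nothing between an agent's instruction and an irreversible write. The following is an added example, not the skill's own code, of the guardrails the overview recommends: an HTTPS-only allowlist of trusted instances, path validation, dry-run by default, and an explicit confirmation flag before any delete or move. The TRUSTED_HOSTS set, the GuardError class and the helper names are assumptions for illustration.

```python
"""Guardrails for GitLab Commits API writes: trusted-HTTPS instance check, path and action
validation, dry-run by default, and explicit confirmation before any delete or move.
Added example, not the skill's own code; the host allowlist and helper names are assumptions."""
import json
import urllib.request
from urllib.parse import quote, urlparse

# Assumption: the operator maintains this allowlist of GitLab instances the agent may contact.
TRUSTED_HOSTS = {"gitlab.com", "gitlab.example.internal"}
# Commits API actions that remove or relocate content and therefore need explicit confirmation.
DESTRUCTIVE_ACTIONS = {"delete", "move"}
VALID_ACTIONS = {"create", "update", "delete", "move", "chmod"}


class GuardError(Exception):
    """Raised when a request violates a guardrail; nothing is sent in that case."""


def check_instance(base_url: str) -> str:
    """Accept only an https:// URL whose host is allowlisted; return the normalized origin."""
    u = urlparse(base_url)
    if u.scheme != "https":
        raise GuardError(f"refusing non-HTTPS GitLab instance: {base_url}")
    if u.hostname not in TRUSTED_HOSTS:
        raise GuardError(f"GitLab host not in allowlist: {u.hostname}")
    return f"https://{u.netloc}"


def check_path(file_path: str) -> str:
    """Reject empty or absolute paths and '..' segments so a commit cannot target an unintended location."""
    if not file_path or file_path.startswith("/") or ".." in file_path.split("/"):
        raise GuardError(f"unsafe file_path: {file_path!r}")
    return file_path


def build_commit_request(base_url, project, branch, message, actions,
                         dry_run=True, confirm_destructive=False):
    """Build (but do not send) a POST /projects/:id/repository/commits request.

    Returns a dict with the URL, JSON body and a dry_run flag. Deletes and moves are refused
    unless confirm_destructive=True, so an agent cannot remove files on a bare instruction.
    """
    origin = check_instance(base_url)
    if not branch or not message or not actions:
        raise GuardError("branch, commit message and at least one action are required")
    body_actions = []
    for a in actions:
        kind = a.get("action")
        if kind not in VALID_ACTIONS:
            raise GuardError(f"unknown action: {kind!r}")
        if kind in DESTRUCTIVE_ACTIONS and not confirm_destructive:
            raise GuardError(f"{kind} of {a.get('file_path')!r} requires confirm_destructive=True")
        entry = {"action": kind, "file_path": check_path(a.get("file_path", ""))}
        if kind in ("create", "update"):
            if "content" not in a:
                raise GuardError(f"{kind} needs content for {entry['file_path']}")
            entry["content"] = a["content"]
        if kind == "move":
            entry["previous_path"] = check_path(a.get("previous_path", ""))
        body_actions.append(entry)
    # The project is given as "group/repo"; the API wants it URL-encoded as one path segment.
    url = f"{origin}/api/v4/projects/{quote(project, safe='')}/repository/commits"
    body = {"branch": branch, "commit_message": message, "actions": body_actions}
    return {"method": "POST", "url": url, "body": body, "dry_run": dry_run}


def summarize(req: dict) -> str:
    """Human-readable summary for the manual confirmation step before anything is sent."""
    b = req["body"]
    lines = [f"{req['method']} {req['url']}",
             f"branch={b['branch']} message={b['commit_message']!r}"]
    lines += [f"  {a['action']:6} {a['file_path']}" for a in b["actions"]]
    return "\n".join(lines)


def send_commit_request(req: dict, token: str):
    """Send a reviewed request with the token in the PRIVATE-TOKEN header; a dry-run request is never sent."""
    if req["dry_run"]:
        raise GuardError("dry-run request: review summarize(req) and rebuild with dry_run=False")
    data = json.dumps(req["body"]).encode()
    http = urllib.request.Request(req["url"], data=data, method=req["method"],
                                  headers={"PRIVATE-TOKEN": token,
                                           "Content-Type": "application/json"})
    with urllib.request.urlopen(http, timeout=30) as resp:
        return json.load(resp)
```

The intended workflow is build_commit_request (dry-run), print summarize(req) for the operator to check project, branch, paths and message, then rebuild with dry_run=False (and confirm_destructive=True only when a delete or move was reviewed) before calling send_commit_request. Keeping the confirmation as an explicit argument rather than an interactive prompt makes the guardrail visible in an agent's tool-call log.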

Session Persistence

Medium
Category
Rogue Agent
Content
Store your GitLab personal access token:

```bash
mkdir -p ~/.config/gitlab
echo "glpat-YOUR_TOKEN_HERE" > ~/.config/gitlab/api_token
```
Confidence
92% confidence
Finding
**Token scopes needed:** `api` or `read_api` + `write_repository`
**Get a token:**
- GitLab.com: https://gitla
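The storage step quoted in this finding persists the token with a plain shell redirect, which under the usual umask of 022 leaves ~/.config/gitlab/api_token readable by every local user. The following is an added example, not the skill's own code, of what the overview's "protect any token file with restrictive permissions" advice looks like in practice: it reproduces the redirect's resulting mode, writes the file owner-only without a world-readable window, and refuses to use a token file that is a symlink, owned by someone else, or readable by group or others. The function names are assumptions; the glpat- prefix check follows the placeholder the skill itself uses.

```python
"""Token file handling for the skill's ~/.config/gitlab/api_token layout: create it 0600
(a shell `echo "..." > file` leaves it 0644 under the default umask) and refuse to use a
token file other users can read. Added example; the function names are assumptions."""
import os
import stat
from pathlib import Path


def shell_style_write(path, token: str) -> int:
    """Mimic `echo "$TOKEN" > path` under the default umask 022 and return the resulting mode bits."""
    old = os.umask(0o022)
    try:
        with open(path, "w") as f:  # a redirect creates the file with 0666 & ~umask, i.e. 0644
            f.write(token + "\n")
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_token_file(path, token: str) -> int:
    """Create the token file owner read/write only, with no world-readable window, and return its mode."""
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)  # keep the directory private as well
    # O_CREAT's mode is still masked by the umask and is ignored for an existing file, so chmod after.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(token.strip() + "\n")
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)


def read_token_file(path) -> str:
    """Return the token only if the file is a regular file, owned by us, and not readable by others."""
    st = os.lstat(path)  # lstat: a symlink planted at this path is rejected rather than followed
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: not owned by the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path}: mode {oct(mode)} is readable by group/others")
    token = Path(path).read_text().strip()
    # Personal access tokens issued by GitLab 14.5 and later carry the glpat- prefix that the
    # skill's own placeholder uses; anything else here is more likely a misconfiguration.
    if not token.startswith("glpat-") or any(c.isspace() for c in token):
        raise ValueError(f"{path}: content does not look like a GitLab personal access token")
    return token
```

read_token_file is the check an agent wrapper should run before every API call, not just at setup: a token file that was later copied, restored from a backup, or re-created by hand with a redirect silently regains 0644 permissions.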

VirusTotal

64/64 vendors flagged this skill as clean.