ClawHub

Auto Bounty Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill openly targets GitHub bounty automation, but it promotes unattended public GitHub actions without enough user approval or repository scoping.

Install only if you deliberately want GitHub issue automation under your account. Before running it, set DRY_RUN=true and AUTO_CLAIM/AUTO_SUBMIT=false, avoid cron until you have reviewed behavior, and limit use to repositories where you have permission and understand contribution rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broad enough to trigger on generic requests about GitHub work, automation, income generation, or open source contributions, which can cause the agent to invoke a workflow that performs consequential external actions. In this context, overbroad matching is dangerous because the skill is designed to automatically claim issues and submit PRs on third-party repositories, creating a real risk of unintended repository interaction and spammy or unauthorized activity.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises automated claiming and PR submission without prominent warnings that it can post comments, open pull requests, and otherwise affect external repositories under the user's identity. In this context, the omission is especially dangerous because the skill is purpose-built for unattended operation via cron, increasing the likelihood of mass unintended actions, reputational harm, rate-limit abuse, or violation of project/community rules.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal