Ci Failure Fixer

Security checks across malware telemetry and agentic risk

Overview

The skill openly aims to repair CI failures, but it can drive recurring automated repository changes and pushes using the user's GitHub access without enough scoping or review controls.

Install only if you are comfortable giving it access to GitHub Actions logs and repository write workflows. Set CI_REPOS explicitly, use a least-privilege GitHub token, run it on demand before enabling cron, and require human approval or PR review before any commit or push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly describes automatically applying fixes and pushing changes, which implies repository modification capability, yet no permissions are declared to bound or disclose that behavior. This creates a security and governance gap: operators may invoke the skill without understanding it can write to repos, and enforcement systems cannot apply least-privilege controls.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation text is broad enough to activate on general CI-related requests such as diagnosing failed builds or watching GitHub Actions, even when the user did not intend autonomous repair. In this skill's context, overbroad triggering is more dangerous because the documented workflow includes repo-modifying actions and pushes, so an accidental invocation could lead to unintended code changes.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states it will automatically apply fixes and push them without an explicit user-facing warning that repository contents will be modified. In a CI automation context, this is especially risky because users may interpret 'diagnose failed builds' or 'monitor GitHub Actions' as observational tasks, while the actual workflow can alter code, snapshots, lockfiles, and branches.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This pattern explicitly instructs the agent to run dependency-changing commands and then commit and push the resulting lockfile changes to the remote repository without any explicit approval or warning gate. In the context of an automated CI-fixing skill, this creates a real risk of unauthorized codebase modification, accidental dependency drift, or pushing changes that were not reviewed by a human.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Updating snapshots and then using broad staging (`git add -A`) followed by an immediate push can silently include unrelated file changes and normalize failing tests without verifying correctness. In this skill's context, snapshot churn is especially risky because the agent is designed to act automatically on CI failures, so it may hide regressions rather than fix them.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Repository-wide formatter and linter autofixes can rewrite large portions of the codebase, and the instructions again commit and push those changes without any user warning or confirmation. In an unattended CI-repair workflow, this can create broad, hard-to-review modifications, trigger semantic changes from autofix rules, and overwrite intentional local or branch-specific formatting decisions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
E2E snapshot updates can materially alter expected UI behavior, and pairing them with `git add -A` and direct push makes it easy to commit unrelated or incorrect artifacts. Because this skill is meant to repair CI automatically, it may convert legitimate behavioral failures into accepted baselines without ensuring the application is actually correct.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The decision tree operationalizes automatic fix-and-push behavior for multiple failure classes, turning direct remote repository modification into the default response for recognized patterns. This is more dangerous in context because the skill monitors CI failures and may act on incomplete log analysis, causing repeated unauthorized commits, masking regressions, or introducing risky changes at scale.

Missing User Warnings

High
Confidence
99% confidence
Finding
This section describes unattended cron-driven CI monitoring that reads logs, applies fixes, and rechecks status, effectively authorizing autonomous repository changes on a schedule without a human in the loop. In the skill context, that materially increases risk because a misclassification, compromised CI signal, or unsafe fix pattern could repeatedly modify and push code to production repositories at scale.

VirusTotal

66/66 vendors flagged this skill as clean.
