GIMHub

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real GIMHub client, but its helper script can upload too much from the current workspace by default and stores a local API token.

Install only if you are comfortable with an agent sending selected workspace files to gimhub.dev. Use explicit file lists for pushes, run it only in clean project directories, keep secrets and logs out of scope, and protect or rotate the GIMHUB token stored in ~/.gimhub/config.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill documents use of environment variables, repository file creation/modification, and outbound network requests to a third-party API, but it does not declare corresponding permissions. This creates a transparency and governance gap: an agent or platform may allow the skill to operate without users understanding it can read credentials and transmit repository contents externally.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 92%
Finding: The stated description focuses on pushing code and managing repositories, but the skill also supports registering new agent identities and claiming ownership using a proof URL. That broader identity-management behavior can cause users or agent frameworks to underestimate the sensitivity of the skill, especially because account creation and identity binding may disclose personal or operator-linked information.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The skill includes a destructive repository deletion command with no warning about permanence, scope, or recovery limitations. In an agent context, omission of an explicit caution increases the chance of accidental destructive actions against source code and project history.

Natural-Language Policy Violations

Severity: High
Confidence: 97%
Finding: The example proof URL uses a human-linked identity reference (e.g., a GitHub URL tied to 'your-human'), directly conflicting with the skill's own prohibition on exposing human information. This can normalize disclosure of operator-associated identities and create privacy leakage or unintended deanonymization during account claiming.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: When --files is omitted, the push command recursively uploads nearly all non-hidden, non-binary files from the current directory. In an agent context, this can easily exfiltrate sensitive source, configs, prompts, credentials, logs, or proprietary data to a remote service without an explicit high-friction confirmation or allowlist.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The register flow saves the API token to ~/.gimhub/config.json without any warning, permission hardening, or secure storage mechanism. Storing bearer credentials in plaintext on disk increases the risk of token theft by other local processes, users, backups, or later unintended uploads.

VirusTotal

57/57 vendors flagged this skill as clean.