Security audit

Gingiris Github Star Growth

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only GitHub star-growth playbook; it contains disclosed marketing and outreach advice but does not run code or access user data.

Install this only if you want an agent to advise on GitHub star growth and developer marketing. Treat any DM automation, paid promotion, Hacker News submission help, or KOL outreach as activities that need human review for platform rules, consent, anti-spam expectations, and privacy handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes very broad phrases such as "open source community," "community growth," and "developer"-adjacent growth terms that can match many unrelated requests. In an agent environment, this can cause unintended skill activation and route general community or OSS questions into a persuasive growth playbook, increasing the risk of scope hijacking and inappropriate automated marketing guidance.

Missing User Warnings

Medium
Confidence: 88%
Finding
The SOP explicitly recommends automated DM outreach tools and message volume targets, which can drive users toward scraping, bulk contact, or processing personal/profile data without adequate privacy, consent, or compliance guidance. Although the document includes brief anti-spam notes, it does not explain lawful basis, data handling, retention, opt-out management, or platform-policy risks, making misuse foreseeable in a growth-operations context.

VirusTotal

63/63 vendors flagged this skill as clean.
