Deterministic security fixes for infrastructure code via Gomboc.ai Community Edition

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Gomboc code-remediation skill, but it needs review because it can automate repository changes and push them with limited safeguards or data-flow disclosure.

Install only if you trust Gomboc with the repositories you scan. Prefer scan and fix-generation modes first, use a dedicated branch, inspect diffs before merging, avoid unattended --push workflows, scope and protect GOMBOC_PAT, and pin or separately audit the MCP Docker image before running it persistently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings (Medium, 92% confidence)
The skill explicitly promotes autonomous remediation and direct commits/pushes to user repositories without nearby warnings about review gates, backup/branching, or the risk of unintended code changes. In a code-modification skill, this omission is dangerous because users or agents may apply bulk changes automatically, increasing the chance of repository corruption, policy violations, or unsafe fixes being committed at scale.

Missing User Warnings (Medium, 95% confidence)
The documentation includes a token-display command (`gomboc config --show-token`) without cautioning that it reveals sensitive credentials on screen, in shell history, logs, screenshots, or shared terminals. This is especially risky in agent, CI, and collaborative environments where output may be captured automatically, leading to credential exposure and downstream account compromise.

Missing User Warnings (Medium, 93% confidence)
The CI/CD example enables automatic fixes in pipelines (`auto-fix: true`) without warning about unattended repository modifications, approval requirements, or branch protections. In the context of an agent skill designed for autonomous remediation, this increases the likelihood of silent or large-scale code changes being introduced into repositories without adequate human oversight.

Missing User Warnings (Medium, 92% confidence)
The documented workflow explicitly enables `--commit` and `--push`, which authorizes an automated process to modify repository contents and publish those changes without any warning, approval gate, or discussion of branch-safety implications. In CI/CD context this is risky because generated fixes may be incorrect, overbroad, or exploitable if the underlying remediation tool or inputs are compromised, and users may copy this example directly into production workflows.

Missing User Warnings (Medium, 91% confidence)
The documentation explicitly advertises commands such as `fix`, `remediate`, and `commit: true` that can change repository contents or create commits/pull requests, but it does not warn users that these actions are state-changing and should be reviewed before use. In an agent context, omission of such warnings increases the chance that users invoke destructive or hard-to-revert actions without understanding that code will be modified automatically.

Missing User Warnings (Medium, 88% confidence)
The guide instructs users to provide a personal access token and submit repository paths to remediation services, but does not disclose that source code and related metadata may be transmitted through the local MCP server and potentially to external backend services. This lack of transparency can cause unintentional exposure of proprietary code or secrets, especially when used by agents operating over broad repository scopes.

Missing User Warnings (Medium, 95% confidence)
The guide instructs users to persist a personal access token in their shell profile, which increases the chance of long-term credential exposure through dotfile leaks, shared accounts, backups, or accidental publication. While common in developer docs, it omits warnings about credential sensitivity and safer alternatives, so the issue is a real security weakness in guidance rather than overtly malicious behavior.

Missing User Warnings (Medium, 85% confidence)
The remediate command can trigger remote code modification workflows, optionally commit changes, and push them without an interactive confirmation step or a conspicuous disclosure that code context may be transmitted to an external service. In a developer tool, this increases the chance of accidental integrity-impacting actions and unintentional disclosure of sensitive source code or repository state to a third party.

VirusTotal

62/62 vendors flagged this skill as clean.