GitCode PR Comment Workflow

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent GitCode PR workflow, but it gives unsafe token-handling instructions while enabling repository changes and pushes.

Install only if you are comfortable with a skill that can guide edits, commits, pushes, and PR comments on GitCode repositories. Do not store GitCode tokens in MEMORY.md, do not paste tokens into URLs or command lines, prefer gitcode auth login or a secure secret store, and verify the repository path, branch, remote, diff, and temp directory before allowing any write, push, comment, or cleanup step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium (97% confidence)

The document explicitly instructs storing a GitCode access token in MEMORY.md, which creates unnecessary credential persistence for a workflow that only needs temporary authentication. Persisting tokens in project or agent memory files increases the chance of accidental disclosure through commits, logs, workspace sharing, or later prompt/tool access.

Missing User Warnings

Medium (90% confidence)

The skill explicitly tells users to store or provide a GitCode token, but does not warn that tokens are sensitive credentials that must not be exposed in prompts, temp files, command history, or logs. In this workflow, the token may be reused across CLI and API commands, so casual handling increases the chance of credential disclosure and unauthorized repository access.

Missing User Warnings

High (99% confidence)

Placing an access token in the URL query string is unsafe because URLs are commonly recorded in shell history, terminal scrollback, proxy logs, browser history, and process listings. Since this skill is for PR workflows against real repositories, leaking the token could allow unauthorized reads or writes depending on token scope.

Missing User Warnings

Medium (94% confidence)

The cleanup step recommends recursive forced deletion of `temp/` without requiring path verification, which can become destructive if the current directory is not the intended workspace or if path resolution is altered. In agentic workflows that may change directories during git operations, an unguarded delete instruction increases the risk of accidental data loss.

Missing User Warnings

Medium (99% confidence)

Recommending authentication via an access_token query parameter is dangerous because URLs are commonly exposed in shell history, browser history, proxy logs, server logs, referrer headers, and debugging output. In the context of a PR workflow that may use curl, CLI tools, and remote services, this materially increases the chance of credential leakage.

VirusTotal

65/65 vendors flagged this skill as clean.
