Git Monitor

Security checks across malware telemetry and agentic risk

Overview

This Git monitoring skill mostly matches its stated purpose, but it needs Review because it can run broad Git operations, reset local repositories, reuse Feishu credentials, and send repository update summaries externally.

Install only if you intentionally want this skill to clone and update repositories and send update summaries to Feishu. Before use, clear or review the bundled repository list, confirm the Feishu bot and target chat, use least-privilege credentials, avoid untrusted branch names or unusual repo inputs, and do not point it at repositories where uncommitted local changes could be lost.
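
The checks listed above can be scripted rather than left to the user's memory. The block below is an added example, not code from the Git Monitor skill, its author, or this page: a pre-flight guard that accepts only remotes on an allow-listed host, rejects branch names that fail git's ref-name rules or look like command-line options, and refuses to continue when `git status --porcelain` reports uncommitted or untracked files that a hard reset or clean would discard. The allowed hosts, the function names and the sample status output are assumptions.

```python
"""Pre-flight guard for a Git auto-pull/monitor skill.

Added example, not code from the Git Monitor skill. It models the checks a
user can apply before letting the skill touch a repository: trusted remote,
sane branch name, and no local changes that a hard reset would discard.
The allow-listed hosts and the sample status output are assumptions.
"""
import re
import subprocess
from dataclasses import dataclass, field

# Hosts the operator chooses to trust (assumption; adjust for your org).
ALLOWED_HOSTS = {"github.com", "gitlab.com"}

# Characters git refuses in ref names: control chars, space, ~ ^ : ? * [ \
_BAD_REF_CHARS = re.compile(r"[\x00-\x1f\x7f ~^:?*\[\\]")
_HTTPS_RE = re.compile(r"^https://([A-Za-z0-9.-]+)/[\w.\-/]+?(?:\.git)?/?$")
_SCP_RE = re.compile(r"^git@([A-Za-z0-9.-]+):[\w.\-/]+?(?:\.git)?$")


def is_safe_branch_name(name: str) -> bool:
    """git check-ref-format rules plus a guard against option injection."""
    if not name or name.startswith("-"):      # "-x" can be parsed as a flag
        return False
    if _BAD_REF_CHARS.search(name):
        return False
    if name.startswith("/") or name.endswith("/") or "//" in name:
        return False
    if ".." in name or "@{" in name or name == "@":
        return False
    if name.endswith(".") or name.endswith(".lock"):
        return False
    components = name.split("/")
    return all(not c.startswith(".") and not c.endswith(".lock") for c in components)


def is_safe_repo_url(url: str) -> bool:
    """Accept only https:// or git@host: remotes on an allow-listed host.

    Rejects option-looking strings and git's ext:: transport (which runs an
    arbitrary command) along with the fd:: helper; neither should be
    reachable from user-supplied input.
    """
    if url.startswith("-") or "::" in url:
        return False
    for pattern in (_HTTPS_RE, _SCP_RE):
        match = pattern.match(url)
        if match:
            return match.group(1).lower() in ALLOWED_HOSTS
    return False


def has_uncommitted_changes(porcelain: str) -> bool:
    """Parse `git status --porcelain`: any entry means work that
    `git reset --hard` (tracked) or `git clean -f` (untracked) would destroy."""
    return any(line.strip() for line in porcelain.splitlines())


def working_tree_status(path: str) -> str:
    """Live variant: shell out to git (requires git; not used offline)."""
    result = subprocess.run(["git", "-C", path, "status", "--porcelain"],
                            check=True, capture_output=True, text=True)
    return result.stdout


@dataclass
class Preflight:
    ok: bool
    reasons: list = field(default_factory=list)


def preflight(repo_url: str, branch: str, status_porcelain: str) -> Preflight:
    """Collect every reason to block the update rather than stopping at the first."""
    reasons = []
    if not is_safe_repo_url(repo_url):
        reasons.append(f"untrusted or malformed remote: {repo_url!r}")
    if not is_safe_branch_name(branch):
        reasons.append(f"unsafe branch name: {branch!r}")
    if has_uncommitted_changes(status_porcelain):
        reasons.append("working tree has uncommitted or untracked files; "
                       "a hard reset would lose them")
    return Preflight(ok=not reasons, reasons=reasons)


if __name__ == "__main__":
    DIRTY = " M src/app.py\n?? notes.txt\n"   # constructed porcelain output
    cases = [
        ("https://github.com/org/repo.git", "main", ""),
        ("https://github.com/org/repo.git", "main", DIRTY),
        ("https://github.com/org/repo.git", "--upload-pack=id", ""),
        ("ext::sh -c id", "main", ""),
    ]
    for url, branch, status in cases:
        result = preflight(url, branch, status)
        print(f"{url} @ {branch}: {'OK' if result.ok else 'BLOCKED'} {result.reasons}")
```

Run it before the skill's clone or update step, or wrap the skill's invocation in it. `working_tree_status` shells out to git, so the offline demo feeds a constructed porcelain string instead; in practice, pass the live output of that function.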

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium severity, 91% confidence
Finding
The skill reads Feishu credentials from environment variables, a global OpenClaw config, and local config.json, which expands its privilege scope beyond basic Git monitoring into credential access. Even if intended for notifications, this undisclosed access to unrelated secrets increases the blast radius of the skill and creates unnecessary secret exposure opportunities.

Context-Inappropriate Capability

Medium severity, 95% confidence
Finding
The code sends outbound Feishu notifications containing repository change summaries, but this external transmission capability is not reflected in the stated skill description. Undisclosed outbound messaging is security-relevant because it can exfiltrate repository metadata, commit messages, file names, and change patterns to a third-party service without clear user awareness.

Vague Triggers

Medium severity, 89% confidence
Finding
The trigger examples are broad natural-language phrases and the metadata explicitly says the skill should be used even when the user does not clearly say 'monitor'. That can cause unintended invocation during ordinary discussion about repositories, leading the agent to perform repo tracking or code-pull actions without sufficiently explicit user intent.

Missing User Warnings

Medium severity, 94% confidence
Finding
The README advertises automatic code pulling, monitoring, and push notifications but does not clearly warn that the skill will make outbound network requests and may perform periodic background checks. In an agent setting, lack of transparency about ongoing external access can cause unintended data exposure, unexpected resource usage, and user surprise around continuous monitoring behavior.

Missing User Warnings

Medium severity, 92% confidence
Finding
The documentation instructs users to set Feishu application credentials and chat identifiers as environment variables without any warning about their sensitivity or handling requirements. If these secrets are logged, committed, or exposed through debugging or shared shell history, an attacker could abuse notification integrations or access associated messaging capabilities.

Vague Triggers

High severity, 92% confidence
Finding
The activation conditions are extremely broad, covering many common repository-related terms and instructing use even when the user did not explicitly request monitoring. In an agent environment, this can cause over-triggering of a skill that pulls code and contacts external services, leading to unintended repository access or notification behavior.

Missing User Warnings

Medium severity, 90% confidence
Finding
The user-facing markdown emphasizes convenience but does not prominently warn that the skill may automatically pull code and push updates to Feishu or the current chat. Missing disclosure is risky here because repository contents, metadata, or summaries may be sent externally or fetched automatically without the user realizing it.

Missing User Warnings

Medium severity, 93% confidence
Finding
Sensitive credentials are harvested from multiple ambient sources without any visible consent or disclosure path to the user. This creates a stealthy secret-access pattern where the skill may consume organization-wide Feishu credentials simply because they are present in the environment or shared config.
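
Findings of this kind (ambient credential reads, undisclosed outbound messaging, destructive git operations) can be triaged with a static pass over the unpacked skill before it is installed. The script below is an added example, not code from the skill, from SkillSpector or from this page: it greps each source line for four capability patterns and diffs the result against what the README discloses, which is the same gap the credential-access and external-transmission findings above describe. The environment-variable names, the ~/.openclaw/config.json path, the Feishu API host in the constructed sample, and the function names are assumptions.

```python
"""Static capability audit of an agent skill's source, before installing it.

Added example; it is not part of the Git Monitor skill or of SkillSpector.
It surfaces the behaviours the findings above describe: secrets read from the
environment or from config files, outbound HTTP to a messaging API, and
destructive git commands. Variable names such as FEISHU_APP_ID, the
~/.openclaw/config.json path and the sample source are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Finding:
    category: str
    file: str
    line: int
    evidence: str


# One regex per capability; deliberately broad so a reviewer sees candidates
# and confirms each against what the README actually discloses.
RULES = [
    ("credential_access", re.compile(
        r"(os\.environ|os\.getenv|getenv)\s*[\[(]\s*['\"]"
        r"[A-Z0-9_]*(FEISHU|LARK|TOKEN|SECRET)[A-Z0-9_]*['\"]")),
    ("config_file_read", re.compile(r"config\.json|\.openclaw", re.I)),
    ("external_transmission", re.compile(
        r"(requests\.(post|get)|urlopen|httpx\.\w+)\s*\("
        r"|https?://[\w.-]*(feishu|larksuite)\.\w+", re.I)),
    ("destructive_git", re.compile(
        r"\bgit\b.*\breset\b.*--hard|\bgit\b.*\bclean\b.*-\w*f"
        r"|\bgit\b.*\bpush\b.*--force")),
]


def scan_text(text: str, filename: str = "<inline>") -> list[Finding]:
    """Line-oriented scan; returns one finding per matching rule and line."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for category, rx in RULES:
            if rx.search(line):
                findings.append(Finding(category, filename, number, line.strip()))
    return findings


def scan_tree(root: str, suffixes=(".py", ".sh", ".js", ".ts")) -> list[Finding]:
    """Scan every source file under an unpacked skill directory."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            findings.extend(scan_text(path.read_text(errors="replace"), str(path)))
    return findings


def undeclared_capabilities(findings: list[Finding], declared: set[str]) -> set[str]:
    """Capabilities present in code but absent from the README's disclosures."""
    return {f.category for f in findings} - declared


# Constructed stand-in for a skill's main script (not the real skill's code).
SAMPLE_SKILL = """\
import os, json, subprocess, requests
app_id = os.environ["FEISHU_APP_ID"]
app_secret = os.getenv("FEISHU_APP_SECRET")
cfg = json.load(open(os.path.expanduser("~/.openclaw/config.json")))
subprocess.run(["git", "-C", repo, "reset", "--hard", "origin/" + branch])
requests.post("https://open.feishu.cn/open-apis/im/v1/messages", json=payload)
"""

# What the README is said to advertise: pulling code and push notifications.
# Treat notifications as declared; every other capability must be justified.
DECLARED = {"external_transmission"}


if __name__ == "__main__":
    found = scan_text(SAMPLE_SKILL, "skill.py")
    for f in found:
        print(f"{f.file}:{f.line} [{f.category}] {f.evidence}")
    print("undeclared:", sorted(undeclared_capabilities(found, DECLARED)))
```

Point `scan_tree` at the unpacked skill directory and compare the categories it returns with the README; a category the README never mentions is exactly the "undisclosed capability" the findings flag. The patterns are intentionally loose, so expect to confirm each hit by hand rather than treating the output as a verdict.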

VirusTotal

66/66 vendors flagged this skill as clean.
