lazyGithub Bootstrap

Security checks across malware telemetry and agentic risk

Overview

This skill visibly helps publish or update GitHub repositories, but users should confirm visibility and content before letting it push or edit metadata.

Install only if you want an agent to create or update GitHub repositories on your behalf. Before running it, confirm the target repo, public/private visibility, README content, description, homepage, topics, and whether pushing local files to GitHub is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 93%
Finding
The manifest description is broad enough to trigger on many ordinary GitHub-related requests such as creating, publishing, fixing metadata, or syncing README/About content. Over-broad activation can cause the agent to invoke repository-modifying behavior in contexts where the user did not explicitly ask for remote publishing or metadata changes, increasing the chance of unintended side effects.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow directs the agent to create or update a GitHub repository and even create a README if missing, but it does not require an explicit warning or confirmation about remote publication, visibility, or local file modification. In practice, this could lead to accidental public repo creation, unintended pushes, or silent edits to local project files, which is especially risky because the skill is designed for state-changing operations on both local and remote resources.

Missing User Warnings

Medium
Confidence: 93%
Finding
The template explicitly instructs an agent to create or publish a GitHub repository and modify remote metadata, but it does not require an explicit user confirmation before performing external network actions or publishing code. In an agent setting, this can lead to unintended disclosure of private code or unreviewed remote changes if the prompt is used too eagerly or without a consent checkpoint.

Missing User Warnings

Low
Confidence: 88%
Finding
The prompt directs the agent to fill or modify the README without warning that local project files may be edited automatically. This creates a risk of unreviewed content changes, especially if the README is generated from incomplete inference and the user did not explicitly authorize file modification.

Missing User Warnings

Medium
Confidence: 91%
Finding
These additional templates instruct agents to publish to GitHub, update repository metadata, and verify results, but still omit user-facing warnings about privacy, remote side effects, and the possibility of exposing internal project details. Because the skill is specifically designed for repo publication and presentation sync, the absence of explicit consent and safety framing increases the chance of unintended external disclosure.

Missing User Warnings

Medium
Confidence: 90%
Finding
The Claude-flavored prompt tells the agent to publish the project and edit repository presentation, including README and About fields, without stating that this may create or alter public-facing content on GitHub. In a skill intended to automate repository bootstrapping, that omission is dangerous because users may trigger publication workflows without a clear boundary between analysis, local edits, and public remote changes.

VirusTotal

63/63 vendors flagged this skill as clean.
