ClawHub

panda-git-commit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Git commit-message helper that reads repository changes and history, with optional local config writes and commits tied to user-invoked workflow steps.

Install if you are comfortable with the agent reading local Git diffs, recent commit messages, and repository configuration where you invoke it. Review generated commit messages, EXTEND.md changes, and any proposed git commit before accepting them, and avoid staging secrets before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The description frames the skill primarily as a commit-message generator, but the documented workflow also reads git history, inspects hooks/configuration, analyzes staged and unstaged diffs, and can write `.panda-skills/panda-git-commit/EXTEND.md` or execute `git commit`. This mismatch can mislead users and orchestrators about the true data exposure and write-side effects, increasing the risk of unconsented repository inspection or modification.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger list includes broad everyday terms such as `commit`, `提交`, and `git commit`, which can cause accidental invocation in ordinary conversation or unrelated contexts. Because this skill can inspect repository state and ultimately perform write actions like generating config or committing changes, overbroad activation increases the chance of unintended analysis or side effects.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The skill automatically infers language from recent git history and applies that preference unless overridden, which means commit history content is processed without explicit user opt-in. In isolation this is low severity, but in a repository tool the behavior can expose more historical context than users expect and may produce outputs based on stale or mixed-language history.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal