ClawHub

Git Flow Helper

Security checks across malware telemetry and agentic risk

Overview

This Git helper is not malware, but it can run risky repository-changing shell commands without enough safeguards.

Review carefully before installing. Use it only in repositories where you are comfortable checking every Git operation manually, do not pass branch names or commit values from untrusted sources, and avoid the cleanup command unless you have first listed exactly which local branches will be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill builds shell commands by directly interpolating untrusted branch names, commit hashes, and other parameters into exec() calls. This can enable command injection if an attacker supplies crafted input containing shell metacharacters, and the skill context makes this especially dangerous because it is explicitly designed to execute repository-changing Git operations on demand.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are generic enough to activate on ordinary Git-related requests, which can cause the skill to take over broad user interactions beyond its intended scope. In a skill that suggests branch, merge, rebase, and cleanup operations, overbroad activation increases the chance of unsafe or unintended guidance being surfaced in the wrong context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises destructive and history-rewriting operations such as branch cleanup and rebase without warning users about data-loss, force-push, or workflow risks. This is dangerous because users may follow generated commands that delete branches or rewrite commit history without understanding consequences, especially in shared repositories.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger patterns are broad enough that the skill may activate for generic Git-related requests without clear scoping, increasing the chance that dangerous repository-modifying actions are invoked unexpectedly. In the context of a skill that can execute destructive and shell-backed operations, overbroad activation materially raises misuse risk.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill exposes destructive operations such as merge, rebase, cherry-pick, and branch deletion without warnings, previews, or confirmation prompts. In a Git-management context, this can lead to accidental data loss, history rewriting, or branch deletion, and the danger is amplified because the implementation directly executes the requested actions rather than simulating or validating them first.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal