GitHub Team Collaboration

Security checks across malware telemetry and agentic risk

Overview

This GitHub automation skill mostly matches its purpose, but it needs review because it uses a GitHub token for write-capable repository actions and can partially print that token.

Review before installing. Use a fine-grained GitHub token with only the repository permissions needed, avoid running the module directly until the token-prefix print is removed, and require explicit confirmation before any action that changes repository state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The __main__ test block partially prints the GitHub token, which is a sensitive credential. Even partial secrets can leak into logs, terminals, CI output, screenshots, or telemetry and aid token identification or correlation; exposing credentials is not necessary for this collaboration skill's functionality.

Vague Triggers

Medium
Confidence: 78%
Finding
The description is broad enough to match many ordinary development-coordination requests, which increases the chance the skill is invoked in situations where users did not specifically intend GitHub automation or repository-affecting actions. In a skill that can manage PRs, issues, releases, and webhooks, overbroad routing can lead to unintended access to repo metadata or unintended state-changing operations.

Missing User Warnings

Medium
Confidence: 95%
Finding
The authentication section instructs users to place a GitHub token in an environment variable but does not warn that the token is sensitive, should be minimally scoped, and must not be logged, echoed, committed, or shared. Because this skill performs networked GitHub operations, mishandling the token could enable unauthorized repository access, issue/PR manipulation, release actions, or webhook changes across the token's scope.

VirusTotal

67/67 vendors flagged this skill as clean.
