Repomix Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent repository-analysis skill, but it can run shell commands and create packed code files, so users should invoke it deliberately.

Install only if you are comfortable with an agent running Repomix commands on repositories you choose. Prefer reviewing the exact command first, avoid broad local scans of folders containing secrets, use scoped include/ignore patterns for private projects, and delete generated Repomix output files when they contain sensitive code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill explicitly tells the agent to trust Repomix's automatic security exclusions when analyzing arbitrary repositories, which can cause the agent to lower its guard around untrusted content. In this context, the tool is being used on remote and local codebases that may contain secrets or prompt-injection content, so delegating trust to a third-party filter increases the chance of exposing sensitive data or mishandling dangerous repository content.

Vague Triggers

Medium
Confidence: 87%
Finding
The local-analysis trigger phrases are broad enough to match ordinary user requests such as 'analyze this codebase' or 'what's in this project?', making accidental invocation likely. Because this skill executes shell commands and reads local directories, overbroad triggering can cause unintended repository packing, local file creation, and inspection of data the user did not specifically intend to process with this tool.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to run shell commands and generate output files, but it does not clearly require user-facing notice or confirmation about these side effects. In practice, this can lead to silent command execution, network access for remote repositories, and creation of analysis artifacts on disk, all of which increase the risk of unintended local changes, privacy issues, or surprise resource consumption.

VirusTotal

64/64 vendors flagged this skill as clean.
