Github Trend Observer

Security checks across malware telemetry and agentic risk

Overview

This GitHub research skill is coherent and its behaviour is disclosed: it mainly reads GitHub data through the local GitHub CLI login and writes reports to the local filesystem.

Install only if you are comfortable letting the skill use your local GitHub CLI session, and its API quota, for read-only repository research. Avoid running it against private repositories unless that is intended, and be cautious when opening generated HTML reports that include data from unfamiliar repositories, because report fields are not consistently escaped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd = [sys.executable, os.path.join(SCRIPT_DIR, script_name)]
if args:
    cmd.extend(args)
result = subprocess.run(
    cmd, capture_output=True, text=True, timeout=timeout,
    encoding="utf-8", errors="replace"
)
Confidence
84% confidence
Finding
The skill launches its helper scripts with subprocess.run using an argument list (no shell=True), so the command line is not shell-interpreted. The exposure is limited to what the selected script_name does and to any caller-supplied args, which the snippet shown appends to the command without validation.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The template injects `{{activity_html}}` directly into the page as preformatted HTML, which can enable stored or reflected XSS if any upstream GitHub-derived or user-controlled content is included without strict sanitization. In this skill context, the report aggregates external developer/repository data, so rendering raw HTML from that data is more dangerous than a normal text-only dashboard because untrusted content can execute in the viewer's browser.
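The two rendering paths side by side, as an added example that is not the skill's own code. It assumes the report template substitutes `{{activity_html}}` with a plain string replacement (the same effect as a Jinja `|safe` filter or a template with autoescaping off) and uses a constructed repository description as the attacker-controlled field; the function and variable names are this example's own.

```python
import html
import re

# Assumed shape of the report template: {{activity_html}} is substituted verbatim.
TEMPLATE = "<html><body><h1>Activity</h1><pre>{{activity_html}}</pre></body></html>"

# Constructed sample of GitHub-derived fields. A repository description is free text that
# any GitHub user controls and that the API returns unchanged.
SAMPLE_EVENTS = [
    {"repo": "octocat/hello-world", "description": "A friendly greeter"},
    {"repo": "someone/tool", "description": 'Useful tool <img src=x onerror="alert(document.cookie)">'},
]


def build_activity_html_unsafe(events):
    """Concatenates API fields straight into markup: the pattern the finding flags."""
    return "\n".join(f"<b>{e['repo']}</b>: {e['description']}" for e in events)


def build_activity_html_safe(events):
    """Escapes every data field before it becomes markup, so data can only ever be text.
    html.escape converts < > & and quotes, which covers both tag and attribute contexts."""
    return "\n".join(
        f"<b>{html.escape(e['repo'])}</b>: {html.escape(e['description'])}" for e in events
    )


def render(template, activity_html):
    """Verbatim substitution, as the finding describes for {{activity_html}}."""
    return template.replace("{{activity_html}}", activity_html)


def injected_tags(rendered, template):
    """Tag names present in the rendered page that the template itself never emitted.
    Anything beyond the fragments the report builder intentionally adds came from data."""
    tag_re = re.compile(r"<\s*([A-Za-z][A-Za-z0-9]*)")
    return set(tag_re.findall(rendered)) - set(tag_re.findall(template))


if __name__ == "__main__":
    unsafe_page = render(TEMPLATE, build_activity_html_unsafe(SAMPLE_EVENTS))
    safe_page = render(TEMPLATE, build_activity_html_safe(SAMPLE_EVENTS))
    print("unsafe page adds tags:", injected_tags(unsafe_page, TEMPLATE))
    print("safe page adds tags:  ", injected_tags(safe_page, TEMPLATE))
```

The `injected_tags` check is a cheap regression test for a report generator: the only tags a rendered report should add over its template are the ones the builder writes itself (here just `b`); an `img` or `script` appearing in that set means a data field reached the page unescaped. If the template engine is Jinja, turning autoescaping on and removing `|safe` from `activity_html` achieves the same result as the escaped builder.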

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger scope includes a catch-all clause covering essentially any request involving GitHub project discovery, trend analysis, or paradigm judgment. This can cause the skill to activate in situations broader than users expect, increasing the chance that it will invoke authenticated GitHub tooling and process account-scoped data without clear, task-specific consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly relies on a locally authenticated gh CLI and the GitHub API, but it does not prominently warn users that execution may use the local GitHub session and associated account permissions. In an agent context, this creates a meaningful risk of unintended access to private metadata, account-scoped resources, or API consumption beyond what the user realized they were authorizing.
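A pre-flight check a user can run before lending the skill their session, as an added example that is not part of the skill. It parses the `Token scopes:` line that `gh auth status` prints (the sample output below is constructed and follows the gh 2.x format at the time of writing; verify against your version) and refuses to proceed when the token carries write or private-repository scopes. The deny list is this example's own policy, built from the classic OAuth scope names; the function names are assumptions.

```python
import re
import subprocess

# Constructed samples of `gh auth status` output. The first is a typical `gh auth login`
# session: the `repo` scope grants read/write access to every private repository.
SAMPLE_STATUS_BROAD = """github.com
  ✓ Logged in to github.com account octocat (keyring)
  - Active account: true
  - Git operations protocol: https
  - Token: gho_************************************
  - Token scopes: 'gist', 'read:org', 'repo'
"""

# A narrowly scoped token supplied through GH_TOKEN instead of the keyring login.
SAMPLE_STATUS_NARROW = """github.com
  ✓ Logged in to github.com account octocat (GH_TOKEN)
  - Active account: true
  - Git operations protocol: https
  - Token: ghp_************************************
  - Token scopes: 'read:org'
"""

# Classic-token scopes that grant write access or private-data access a read-only
# research skill never needs. Which scopes to deny is this example's policy choice.
DENY_SCOPES = {"repo", "public_repo", "workflow", "gist", "delete_repo"}
DENY_PREFIXES = ("write:", "admin:")


def parse_scopes(status_text):
    """Extracts the quoted scope names from the 'Token scopes:' line; empty if absent
    (fine-grained tokens and tokens without scopes print no quoted names)."""
    match = re.search(r"Token scopes:\s*(.*)", status_text)
    if not match:
        return set()
    return set(re.findall(r"'([^']*)'", match.group(1)))


def overbroad_scopes(status_text):
    """Sorted list of scopes on the active token that exceed read-only research needs."""
    scopes = parse_scopes(status_text)
    return sorted(s for s in scopes if s in DENY_SCOPES or s.startswith(DENY_PREFIXES))


def preflight(status_text):
    """Returns (ok, message) for the session described by status_text."""
    bad = overbroad_scopes(status_text)
    if bad:
        return False, (
            "refusing to run: active gh token carries write/private scopes "
            + ", ".join(bad)
            + "; export GH_TOKEN with a token limited to the scopes the research needs"
        )
    return True, "ok: token scopes " + (", ".join(sorted(parse_scopes(status_text))) or "(none)")


def preflight_local():
    """Runs the real check against the local gh CLI. gh has printed auth status to stderr in
    some versions and stdout in others, so both streams are merged before parsing."""
    proc = subprocess.run(
        ["gh", "auth", "status"], capture_output=True, text=True, encoding="utf-8", errors="replace"
    )
    return preflight(proc.stdout + proc.stderr)


if __name__ == "__main__":
    ok, message = preflight_local()
    print(message)
    raise SystemExit(0 if ok else 1)
```

`gh` prefers a token in the `GH_TOKEN` environment variable over the stored login, so the practical mitigation is to mint a token with only the read scopes the research needs, export it for the skill's process, and let this check confirm that the broad keyring session is not the one in use.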

VirusTotal

64/64 vendors reported no detections for this skill.

View on VirusTotal