Security audit

GitHub Interaction Developer Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only GitHub workflow helper with disclosed, purpose-aligned guidance and no executable payload or hidden persistence.

Installers should treat this as a GitHub workflow advisory skill, not a silent automation tool. Because it can suggest comments, API calls, gh commands, and CI/repository actions, users should review any proposed mutating action and confirm the target repository, PR or issue, branch, and permissions before running or posting anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broad enough to match many common development requests involving GitHub, PRs, issues, CI, or review support, which can cause unintended activation outside narrowly intended contexts. Over-activation is risky because this skill includes guidance for mutating repository operations, so invoking it without explicit repository/action scoping could lead an agent to propose or initiate unnecessary GitHub changes.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger keywords are very generic terms frequently present in ordinary software conversations, which increases the likelihood that the skill will activate when the user did not specifically request GitHub workflow automation. Because the skill supports operational GitHub actions and review workflows, accidental activation could steer the agent toward inappropriate repository-context assumptions or mutating recommendations.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broad enough to match many ordinary developer conversations about GitHub, PRs, issues, reviews, or CI, which can cause unnecessary or unintended invocation. Over-broad triggering increases the chance that the skill is activated outside its intended context, potentially steering workflows or outputs without sufficient user intent or repository-specific validation.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger-word list contains very generic terms like GitHub, issue, pull request, review comments, and CI without any scoping rules or exclusion criteria. This makes false activation likely, which is dangerous because the skill may inject process guidance or automation behavior into routine discussion that did not actually request this specialized workflow.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill enables implicit invocation without any visible activation constraints, which increases the chance the agent will invoke this GitHub-focused capability in broader contexts than intended. Because the skill can influence repository, PR, issue, review, and automation workflows, unintended activation could expose repository context or trigger sensitive workflow guidance in situations where the user did not explicitly request this skill.

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger sentence is so broad and malformed that it can activate on generic requests unrelated to the intended GitHub workflow scope. In an agent-routing system, this increases the chance of accidental invocation, causing the skill to process irrelevant prompts and potentially expose users to unintended instructions or workflow assumptions.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The activation scope is ambiguous because the trigger section mixes generic user-intent phrases with copied requirement text rather than precise skill-entry conditions. This can cause overmatching during tool or skill selection, leading the agent to invoke this skill in contexts where it is not appropriate and reducing the safety and predictability of routing.

VirusTotal

62/62 vendors flagged this skill as clean.
