Security audit

Software Data Github Interact Developer Helper

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-style GitHub workflow helper with broad activation wording, but it does not contain executable code, hidden behavior, credential handling, persistence, or destructive instructions.

Install this if you want a broad GitHub-style workflow helper for bug fixing, checklists, and reliability work. Be aware it may be invoked for loose developer requests because its triggers are generic and implicit invocation is enabled; prefer explicit invocation when you intend to use it, and avoid sharing secrets or sensitive private repository details unless the surrounding agent environment is trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger sentences are extremely generic and partially templated, which increases the chance that the skill is invoked for loosely related requests rather than explicit user intent. In an agent setting, unintended invocation can route user data or actions into a GitHub-oriented workflow that may generate repository-affecting guidance or operational steps without sufficient confirmation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README promotes GitHub interaction workflows but does not warn that using the skill may involve sharing repository contents, issue data, configuration details, or producing steps that affect repos and CI/CD state. In practice, users may invoke the skill without understanding that sensitive code, tokens, internal URLs, or repository operations could be implicated, increasing the risk of accidental disclosure or unsafe actions.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The trigger phrases are extremely broad and include generic terms like GitHub, CLI, issues, PRs, bug fix, and generic help-me phrasing. In a skill-routing system, this can cause the skill to activate for many ordinary software requests outside its intended scope, increasing the chance of unintended tool use, prompt hijacking exposure, or workflow confusion.

Vague Triggers

Severity: High
Confidence: 96%
Finding
The skill description and usage guidance are broad enough to activate on many general software, GitHub, or CLI-related requests, even when the user's intent does not match this skill's specific purpose. Over-broad activation can cause inappropriate routing, unintended invocation, and increase the chance that a lower-scope or less-safe workflow is applied in the wrong context.

Vague Triggers

Severity: High
Confidence: 98%
Finding
The trigger keywords include highly generic terms such as 'github', 'cli', 'issue', 'run', and 'api', which are common across many unrelated user requests. This makes accidental or excessive activation likely, potentially hijacking routing decisions and causing the wrong skill to handle sensitive or unrelated tasks.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The example trigger sentences use everyday phrasing that does not establish clear activation boundaries, reinforcing the already broad matching behavior. In practice, this can normalize ambiguous invocations and make it harder for a router or maintainer to distinguish intended use from unrelated requests.

Vague Triggers

Severity: High
Confidence: 97%
Finding
The trigger keywords include very broad, high-frequency terms such as `github`, `cli`, `issue`, `run`, and `api`, which can cause the skill to activate in many unrelated conversations. This increases the chance of unintended routing, where users receive this skill's workflow even when they did not request it, potentially bypassing more appropriate or safer skills.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The example trigger phrases are generic requests like 'help me' and 'I need a practical workflow' combined with a long demand statement, but they do not define a clear activation boundary. This can train or bias routing toward matching vague user requests, making accidental invocation more likely and reducing predictability of skill selection.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The default prompt contains a very broad natural-language trigger and the skill also allows implicit invocation, which increases the chance the agent will activate in ordinary conversations unrelated to the user's intent. This can cause unintended tool/skill routing, surprising behavior, and expand the attack surface for prompt injection or unsafe downstream actions in contexts where the user did not explicitly request this skill.

Vague Triggers

Severity: High
Confidence: 94%
Finding
The trigger sentence begins with a generic phrase like 'Help me', which is common in normal conversation and can cause the skill to activate on many unrelated requests. In an agent-routing context, overly broad triggers increase the chance of unintended invocation, misrouting user tasks, and exposing the agent to adversarial prompt steering through accidental skill selection.

VirusTotal

55/55 vendors flagged this skill as clean.