Software Data Github Interact Developer Helper

Security checks across malware telemetry and agentic risk

Overview

This is a GitHub workflow helper with broad and somewhat messy activation text, but it does not include executable code, hidden persistence, credential theft, or automatic repository changes.

Install this if you want help turning GitHub issues, pull requests, CI results, and repository context into action plans. Because its activation hints are broad, explicitly invoke it only for GitHub-related work and review any proposed gh/API commands before allowing labels, comments, assignments, merges, or other live repository changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch

High, 95% confidence
Finding
The manifest advertises a narrowly scoped GitHub issue/PR/repository helper, but the actual skill content expands into broad Clawhub demand-validation, bug fixing, setup hardening, reliability work, and adjacent skill creation. This scope mismatch can cause the agent to invoke the skill in contexts where users expect safe GitHub guidance but instead receive unrelated or overly broad workflow instructions, increasing the chance of unintended actions or policy bypass through confused delegation.

Description-Behavior Mismatch

Medium, 92% confidence
Finding
The body documentation defines a generic software workflow assistant rather than a GitHub-specific helper, which creates ambiguous authority and broadens when the skill may be selected. In agent systems, overbroad skills are dangerous because they can be auto-routed into tasks they were not designed or reviewed for, leading to misleading outputs, unsafe suggestions, or accidental execution planning outside intended guardrails.

Intent-Code Divergence

Medium, 90% confidence
Finding
The title and trigger framing promise a GitHub interaction helper, but the surrounding text redirects the purpose toward generic demand-validation and adjacent-skill creation. This inconsistency can mislead both users and orchestration logic, making the skill easier to invoke under false assumptions and reducing trust in routing and safety review outcomes.

Vague Triggers

Medium, 90% confidence
Finding
The trigger phrases are highly generic and include broad wording like 'help me' and 'I need a practical workflow,' which can cause the skill to activate in situations far outside its intended GitHub-specific scope. In an agent environment, unintended invocation can route repository, issue, or PR-related actions through the wrong skill, increasing the chance of incorrect guidance, unsafe command generation, or misuse of repository context.

Vague Triggers

Medium, 88% confidence
Finding
The trigger phrases are generic and partially templated, which can cause the skill to activate for loosely related requests rather than explicit GitHub workflow tasks. In an agent ecosystem, overbroad activation can misroute user intent, cause unintended tool usage or API guidance, and increase the chance that repository or issue-handling behavior is invoked in the wrong context.

Vague Triggers

Medium, 93% confidence
Finding
The trigger keywords include very common terms such as 'github', 'cli', 'issue', 'run', and 'api', which are likely to match many unrelated requests. Overbroad activation is risky in agent environments because it increases accidental invocation, causing the wrong skill to influence outputs or steer workflows unexpectedly.

Vague Triggers

Medium, 88% confidence
Finding
The invocation description is broad and vague, covering many categories of practical support without clear boundaries. Ambiguous activation criteria can cause unintended routing and make it difficult to reason about what the skill is allowed to do, which weakens reviewability and increases the chance of unsafe or irrelevant assistance.

Vague Triggers

Medium, 90% confidence
Finding
The skill enables implicit invocation without any visible activation constraints, scoping rules, or approval boundaries. Because this skill is designed to inspect GitHub context and plan repository actions, unintended auto-selection could expose repository metadata or steer an agent into higher-risk workflows without an explicit user request.

Vague Triggers

High, 95% confidence
Finding
The trigger sentence begins with a very broad phrase ('Help me') and then embeds generic GitHub-related workflow language, which can cause the skill to activate in many ordinary conversations that were not intended to invoke it. In an agent setting, over-broad activation can lead to incorrect routing, unnecessary repository-context handling, or accidental execution of higher-trust workflow guidance in the wrong context.

Vague Triggers

Medium, 92% confidence
Finding
This trigger is ambiguous because it describes a broad need for a 'practical workflow' without defining clear activation boundaries, making it hard for the agent to distinguish this skill from many other software-planning or documentation skills. In a multi-skill environment, that ambiguity increases the chance of misfires, context confusion, and unsafe delegation of repository-related actions to the wrong skill.

VirusTotal

62/62 vendors flagged this skill as clean.
