Git Log Tracker (Commit Index & Query CLI)

Security checks across malware telemetry and agentic risk

Overview

The tool is coherent as a local Git commit indexer, but the capabilities it declares do not match the high-impact actions it actually performs (file writes, hook modification, shell execution), and it can persistently collect commit metadata across repositories through hooks and global Git configuration.

Install it only if you want a persistent local commit index. Prefer the repo-specific installation unless you intend future repositories to inherit the hook through the global Git template directory. Review the contents of ~/.commit-logs and the exclude rules, avoid using it on repositories whose commit messages or author identities are sensitive, and treat the reinstall, delete, update and global commands as state-changing actions that should require explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly instructs the agent to read files, modify git hook files, write to SQLite/config files, and run shell commands, yet it declares no explicit permissions. This creates a transparency and policy-enforcement gap: an orchestrator or reviewer cannot accurately assess or constrain the skill's real capabilities before use.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger examples are very broad everyday phrases such as installing hooks, finding commits, listing recent commits, and viewing statistics. In an agent environment, vague triggers can cause the skill to activate unexpectedly and perform sensitive repository-management or history-query actions in contexts where the user did not explicitly intend to use this tool, increasing the risk of unintended hook installation or metadata collection.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises automatic post-commit logging into a local SQLite database but does not prominently warn users that ongoing commit metadata collection will continue after hook installation. Because commit subjects, author names, branch names, and repository identifiers may contain sensitive internal information, users may enable persistent surveillance-like logging without informed consent or retention expectations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance says to use this skill whenever the user mentions broad topics like commit history, git hook management, or structured commit queries, even if they do not name the tool. Overly broad auto-invocation can cause the agent to select a shell-capable, file-writing skill in situations where the user only wanted discussion or a safer read-only action.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented reinstall commands reset the data directory and can delete the SQLite index and possibly related metadata, but the skill does not place an explicit, prominent warning next to the command about irreversible data loss. In an agent setting, that omission increases the chance a destructive command is suggested or executed without informed user confirmation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reinstall command deletes the entire application data directory, or at minimum the database, without an interactive confirmation prompt, dry-run, or explicit force flag. In a tool that manages commit history across repositories, accidental invocation can irreversibly destroy indexed history and local configuration, causing data loss and weakening auditability.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The global command silently writes a post-commit hook template and modifies the user's global git init.templateDir, affecting future repositories system-wide. In the context of a hook-management skill, changing global developer tooling without a strong warning or confirmation increases the risk of unintended persistence and broad collection of commit metadata across repos the user did not expect to index.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The hook automatically collects and stores potentially sensitive metadata such as author and committer emails, repository paths, branch names, and commit bodies into a persistent SQLite database. In the context of an automatic post-commit hook, this can create an undisclosed local surveillance/retention risk, especially on shared systems or when indexing multiple repositories that may contain sensitive project names or commit content.
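The findings above name three places this skill can leave state behind: the global init.templateDir (so every future repository inherits the post-commit hook), each repository's own .git/hooks/post-commit, and the ~/.commit-logs data directory. The following audit script is an added example written for this report; it is not code from Git Log Tracker or from SkillSpector. It parses the gitconfig file as plain text so it runs without git on PATH, takes every path as a parameter, and assumes the hook is named post-commit as the findings describe.

```shell
#!/bin/sh
# Added example, not part of Git Log Tracker or SkillSpector. Audits the
# three places the scan findings say the tool can persist: the global
# init.templateDir, per-repository .git/hooks/post-commit, and the
# ~/.commit-logs data directory. Paths are parameters; nothing is modified.

# Print init.templateDir from a gitconfig file (empty output if unset or
# unreadable). Assumption: standard "[section]" / "key = value" layout;
# [include] directives and other config files are not followed.
git_template_dir() {
    cfg="$1"
    [ -r "$cfg" ] || return 0
    awk '
        { low = tolower($0) }
        low ~ /^[[:space:]]*\[/ { sect = low; gsub(/[[:space:]]/, "", sect); next }
        sect == "[init]" && low ~ /^[[:space:]]*templatedir[[:space:]]*=/ {
            v = $0
            sub(/^[^=]*=[[:space:]]*/, "", v)
            sub(/[[:space:]]+$/, "", v)
            print v
            exit
        }
    ' "$cfg"
}

# Report whether DIR/hooks/post-commit exists: "yes" (executable),
# "not-executable", or "no". DIR may be a template dir or a repo's .git dir.
post_commit_hook() {
    hook="$1/hooks/post-commit"
    if [ -x "$hook" ]; then echo yes
    elif [ -e "$hook" ]; then echo not-executable
    else echo no
    fi
}

# Usage: audit_commit_logging GITCONFIG DATA_DIR [GIT_DIR ...]
# Prints one line per location and returns 1 when a post-commit hook or the
# data directory is found, so it can gate a "still installed?" check.
audit_commit_logging() {
    cfg="$1"; data="$2"; shift 2
    found=0
    tdir=$(git_template_dir "$cfg")
    if [ -n "$tdir" ]; then
        st=$(post_commit_hook "$tdir")
        echo "global init.templateDir=$tdir hook=$st"
        [ "$st" = no ] || found=1
    else
        echo "global init.templateDir unset"
    fi
    if [ -d "$data" ]; then
        echo "data dir $data present ($(find "$data" -type f | wc -l | tr -d ' ') files)"
        found=1
    else
        echo "data dir $data absent"
    fi
    for g in "$@"; do
        st=$(post_commit_hook "$g")
        echo "repo $g hook=$st"
        [ "$st" = no ] || found=1
    done
    return $found
}

# Typical invocation on a workstation (the .git paths are examples):
# audit_commit_logging "$HOME/.gitconfig" "$HOME/.commit-logs" "$HOME/src/app/.git"
```

On a live system, git also reads $XDG_CONFIG_HOME/git/config and follows [include] sections, so confirm the text parser's result with `git config --global --get init.templateDir`. A hook found in the template directory matters even after uninstalling from individual repositories: every `git init` or `git clone` run while that setting is in place copies it into the new repository.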

VirusTotal

62/62 vendors flagged this skill as clean.
