github-search

Security checks across malware telemetry and agentic risk

Overview

This GitHub search skill has a legitimate research purpose, but crafted inputs could make its scripts run local shell commands.

Review or patch the scripts before installing. Prefer replacing curl+execSync with fetch or https, or at minimum use argument-array spawning with strict allowlists for repo names, sort, and order. Avoid passing untrusted repository names, and set GITHUB_TOKEN only if needed, using a fine-grained read-only token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium (95% confidence)
Finding:
The script builds a shell command string and executes it with execSync, while interpolating user-controlled values such as the GitHub token into command-line headers. Although the query is URL-encoded, shell execution still expands the attack surface substantially and can lead to command injection or token leakage through process listings, logs, or malformed header content.

Context-Inappropriate Capability

High (99% confidence)
Finding:
The repository name is user-controlled and is interpolated directly into a shell command passed to execSync. Because the value is placed inside double quotes, shell metacharacters such as command substitution can still be evaluated, enabling command injection and arbitrary code execution on the host running the skill.

Missing User Warnings

Medium (91% confidence)
Finding:
The skill instructs users to export a GitHub token directly via an environment variable example but does not include any warning about handling secrets safely, avoiding hardcoding, shell history exposure, or scope minimization. In a research skill that may be copied into shared terminals, logs, or automation, this increases the chance of credential leakage and misuse of a high-value API token.

VirusTotal

65/65 vendors flagged this skill as clean.
