Git Manager

Security checks across malware telemetry and agentic risk

Overview

This Git management skill has a coherent purpose, but its implementation gives it high-impact repository control through unsafe and under-scoped execution paths.

Install only if you fully trust the publisher and can inspect or replace the missing helper script. Before use, require dry-run output; review the exact files staged, the branch, the remote, and the commit message; and do not allow automatic commit or push from broad natural-language requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill builds a shell command string from untrusted input and executes it with child_process.exec, which invokes a shell. Because arguments such as repo, message, files, branch, and from are concatenated without escaping or allowlisting, an attacker can inject shell metacharacters and achieve arbitrary command execution in the agent environment.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description includes very broad trigger terms like 'Git', 'repository', 'branch', and 'merge', which can match ordinary discussion rather than an explicit request to perform repository-changing actions. In an agent setting, this raises the risk of unintended invocation of a skill that can commit, pull, checkout, or push, potentially causing state-changing operations without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The OpenClaw session example states that the skill will chain 'git add . && git commit ... && git push' automatically, but does not prominently warn that this can stage all files and publish changes to a remote repository. In context, this is dangerous because the skill supports state-changing operations and the example normalizes automatic commit-and-push behavior from a natural-language request, increasing the chance of accidental code disclosure or unintended repository modification.

VirusTotal

62/62 vendors flagged this skill as clean.
