rn-bundle-to-github

Security checks across malware telemetry and agentic risk

Overview

This skill fits a React Native release workflow, but it asks users to run a mutable remote shell script with GitHub repository credentials and publish authority.

Review before installing. Use only a fine-grained GitHub token limited to the intended repository, inspect or pin the publish.sh script before running it, and run from a clean branch where commits, tags, pushes, and GitHub Releases are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The instructions say a token file can be 'read-only' while the workflow later requires creating releases and uploading assets, which needs write-capable repository permissions. This mismatch can mislead users into creating or handling credentials incorrectly and obscures the real privilege level required for the automation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs users to place a GitHub Personal Access Token in a local file without an explicit warning that it is a sensitive secret. Storing long-lived credentials in plaintext under a predictable path increases the chance of accidental disclosure through backups, shell history, screenshots, local compromise, or misuse by other tooling.

Missing User Warnings

Medium
Confidence: 92%
Finding
The workflow performs repository-changing actions such as modifying package.json and CHANGELOG.md, committing, tagging, pushing, and creating releases, but does not present a clear upfront warning that running it will change local and remote repository state. Users may invoke the skill expecting packaging only and unintentionally publish code or metadata to GitHub.

VirusTotal

66/66 vendors flagged this skill as clean.
