OpenClaw Git Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a local Git workflow helper with normal repository-tooling risks, but no evidence of hidden install behavior, exfiltration, persistence, or destructive code in the included scripts.

Install only if you want a local Git helper. Review git status and diffs before following any commit, push, rebase, merge, or branch-cleanup instruction, and be cautious using it on untrusted repositories because commit messages, filenames, and branch names are displayed directly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The documentation includes branch cleanup and deletion flows, including examples that delete stale or merged branches, but it does not provide a clear warning that deletion is destructive and may remove unpushed or mistakenly identified work. In an automation-oriented skill, this omission increases the risk of accidental data loss, especially if users trust the tool to safely identify branches for removal.

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content:
def run_pr_description(args):
    """Generate PR description"""
    # Get branch diff summary
    result = subprocess.run(
        ['git', 'log', f'{args.base}..{args.head}', '--oneline'],
        capture_output=True,
        text=True,
Confidence: 88%
Finding:
subprocess.run( ['git', 'log', f'{args.base}..{args.head}', '--oneline'], capture_output

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content:
commits = result.stdout.strip().split('\n') if result.stdout else []

    # Get changed files
    result = subprocess.run(
        ['git', 'diff', f'{args.base}...{args.head}', '--name-status'],
        capture_output=True,
        text=True,
Confidence: 90%
Finding:
subprocess.run( ['git', 'diff', f'{args.base}...{args.head}', '--name-status'], capture_output

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content:
def run_branch_strategy(args):
    """Show branch strategy suggestions"""
    # Get current branch
    result = subprocess.run(
        ['git', 'branch', '--show-current'],
        capture_output=True,
        text=True,
Confidence: 78%
Finding:
subprocess.run( ['git', 'branch', '--show-current'], capture_output

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content:
def run_check_branches(args):
    """Check and clean branches"""
    # Get all branches
    result = subprocess.run(
        ['git', 'branch', '-a'],
        capture_output=True,
        text=True,
Confidence: 86%
Finding:
subprocess.run( ['git', 'branch', '-a'], capture_output

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content:
branches = [b.strip().strip('* ') for b in result.stdout.strip().split('\n') if b.strip()]

    # Get default branch
    result = subprocess.run(
        ['git', 'symbolic-ref', 'refs/remotes/origin/HEAD'],
        capture_output=True,
        text=True,
Confidence: 70%
Finding:
subprocess.run( ['git', 'symbolic-ref', 'refs/remotes/origin/HEAD'], capture_output

VirusTotal

66/66 vendors flagged this skill as clean.
