ClawHub

Fulfill Git Escrow

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent bounty-fulfillment purpose, but it should be reviewed because it can use an Ethereum private key and submit wallet-backed fulfillment actions without an explicit confirmation step.

Install only if you understand the git-escrow workflow and are comfortable with wallet-backed actions. Use a dedicated low-value wallet, verify the `git-escrows` package source/version, run in a clean branch or disposable repo, inspect diffs before `git add -A`, and require explicit confirmation before any command that signs, submits, collects, or uses the private key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly depends on a local .env containing PRIVATE_KEY and instructs the agent to check for that file before proceeding. Even though it does not literally print the key, directing an agent to access credential-bearing local files creates unnecessary exposure of secret material and normalizes handling of sensitive wallet credentials inside an automated workflow.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is designed to perform fulfillment submission over the network using an Ethereum RPC endpoint, which can trigger wallet-backed blockchain actions with financial consequences. It provides operational steps but no explicit warning, confirmation gate, or transaction-safety language before using configured credentials to submit a fulfillment.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal