Github

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly purpose-aligned GitHub automation, but it can make live repository changes, delete remote branches, store account metadata, and send project details to chat services with limited safeguards.

Review before installing. Use only with GitHub accounts and repositories where live mutation is acceptable, run cleanup and notification commands with --dry-run first, verify branch lists before deletion, and do not configure chat webhooks for private or regulated repository data unless that disclosure is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation instructs users to configure Discord, DingTalk, Telegram, and Slack webhooks/tokens for notification delivery, but it does not warn that repository metadata, PR/issue details, authors, links, and other event content may be sent to third-party services. This creates a real risk of unintended data disclosure, especially for private repositories or sensitive development workflows.

Missing User Warnings

Medium
Confidence: 88%
Finding
The cleanup features include deleting merged and old branches, and the examples present these actions as routine without a prominent warning about irreversible data loss. In a GitHub automation skill, this context makes the issue more dangerous because users may run destructive maintenance commands quickly across active repositories or multiple accounts.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script writes GitHub account metadata including username, email, alias, authentication time, and granted scopes to disk under ~/.config/github-accounts without any explicit warning, consent flow, or restrictive file-permission handling. While it does not appear to store tokens directly, this still creates unnecessary local exposure of sensitive account-identifying information that could be read by other local users or backup/sync tooling, and the GitHub assistant context makes the data directly tied to privileged development identities.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script performs destructive remote branch deletion with `git push origin --delete` as soon as the command is invoked, but the advertised `-y/--yes` flag is never used to gate confirmation. This creates a real safety vulnerability: a user can unintentionally delete many remote branches due to operator error, misunderstanding, or automation, especially because the skill is explicitly designed for bulk PR cleanup across repositories.

Missing User Warnings

Low
Confidence: 83%
Finding
The script automatically modifies PR metadata by adding the `stale` label without any confirmation or execution-time warning when not in dry-run mode. While less severe than branch deletion, it still changes repository state and can trigger workflow automation, notifications, or governance processes unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
