Git Auto

Security checks across malware telemetry and agentic risk

Overview

This Git automation skill is purpose-aligned, but it can commit all workspace changes and push them without the safety checks its documentation promises.

Review carefully before installing. Only use it in repositories where automatic commits and pushes are acceptable, inspect git status and diff yourself first, and do not rely on the documented sensitive-file, branch, conflict, or large-change safeguards unless they are implemented in a future version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 82%
Finding
The push invocation examples are broad natural-language triggers such as '푸시해줘' ("push it") and '리모트에 올려줘' ("upload it to the remote"), which can match ordinary user requests without confirming repository, branch, or destination. In an agentic setting, this increases the chance of unintended publication of local changes to a remote repository, especially because push is a state-changing and externally visible action.

Vague Triggers

Medium
Confidence: 84%
Finding
The commit invocation examples are vague phrases like '커밋해줘' ("commit it") and '변경사항 커밋' ("commit changes"), which can cause the skill to commit all current changes based on ambiguous user intent. Because the documented behavior uses 'git add -A' followed by commit, an accidental trigger can stage and record unrelated, sensitive, or incomplete work.

Missing User Warnings

Medium
Confidence: 93%
Finding
The commit action stages all changes with 'git add -A' and commits them immediately using an auto-generated message, without preview or confirmation. In an automation skill that operates on a workspace, this can unintentionally capture sensitive files, unrelated edits, or deletions and persist them into repository history, making mistakes harder to reverse.

Missing User Warnings

Medium
Confidence: 95%
Finding
The push action sends the current branch to the configured remote with no advance disclosure or user approval. This is more dangerous than a local commit because it can immediately exfiltrate workspace contents to an external service, including accidental secrets or proprietary code, and may trigger downstream CI/CD or sharing workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
