Data Sync

Security checks across malware telemetry and agentic risk

Overview

This is a real sync helper, but it is risky because it can move Claude configuration and memory through a hardcoded root SSH server and GitHub account while documenting unsafe token handling.

Review carefully before installing. Use it only after changing the server, paths, and GitHub repositories to destinations you control. Prefer a restricted git-only SSH user instead of root, avoid PATs in URLs or shell commands, use deploy keys or a credential manager with least privilege, and inspect diffs before syncing Claude skills, hooks, settings, or memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The backup flow instructs users to configure GitHub credentials on the relay server and even embed a PAT in remote URLs. That expands the skill from simple sync into server-side credential handling, increasing attack surface and creating a high-value secret on an intermediary host that may be less trusted or less hardened than the endpoint.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs use of a GitHub token in an HTTP Authorization header for API verification but does not clearly warn about credential handling, shell history exposure, logging, or token scope. In a sync tool that already manages sensitive configuration repositories, casual token transmission guidance meaningfully increases secret exposure risk.

Ssd 3

High
Confidence: 99%
Finding
The instructions explicitly recommend storing GitHub personal access tokens in remote URLs and reusing them in command lines and curl headers. This exposes credentials in plaintext via shell history, process listings, config files, logs, backups, and server compromise, potentially granting full repository access and enabling unauthorized code/data exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.
