gitea-commit-report-skills

Security checks across malware telemetry and agentic risk

Overview

This Gitea reporting skill is mostly coherent, but it can gather activity data across all visible repositories and email it to derived recipients without a required confirmation step.

Install only if you intend to let this skill read Gitea repository activity and send HTML progress reports by email. Use a read-only, narrowly scoped Gitea token; prefer specifying a single repository and date range; and confirm the recipient list, generated report preview, and GITEA_URL value before allowing any email to be sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill claims to collect commit records and generate reports, but it also enumerates repository collaborators and owner identities, expanding the data collection scope beyond the stated minimum. This can expose internal membership information and supports employee/activity profiling, especially when paired with emailed reports to admins.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The code looks up each inactive member's last commit date and computes inactivity days, creating a contributor surveillance/profile dataset beyond simple commit summarization. In a workplace setting this can be sensitive personnel telemetry and may be misused for monitoring or disciplinary purposes if distributed broadly.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrase "帮我生成进度报告" is broad enough to match routine reporting requests without clearly signaling that the skill will enumerate repositories and send emails externally. This increases the chance of accidental activation for a user who intended only local analysis or draft generation, causing unintended data processing and outbound communication.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill advertises sending HTML emails to repository administrators but does not require a user-facing warning that repository-derived content will be transmitted to external recipients. Because the workflow can process all visible repositories by default, this can lead to unintended disclosure of project activity summaries to recipients without deliberate user approval at execution time.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Step four operationalizes outbound email delivery with no mandatory confirmation, despite including HTML generation and recipient selection from repository metadata. This is more dangerous than a documentation issue because it directly instructs autonomous dispatch of potentially sensitive summaries, enabling accidental data exfiltration or misuse if the skill is triggered broadly.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
93% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
89% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
