Forgejo Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Forgejo workflow skill that needs a Forgejo token and can change repository data, but its access matches its stated purpose.

Install only if you want the assistant to use your Forgejo account for repository work. Use a least-privilege token, avoid storing it in shared shell profiles or logs, verify FORGEJO_URL before commands run, and require explicit confirmation for delete, merge, migration, wiki delete, label delete, and milestone delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README instructs users to export a long-lived Forgejo token into shell environment variables without any explicit guidance on safe handling. Environment variables can be exposed through shell history, process inspection, debug output, crash reports, or accidental logging, so normalizing this pattern in setup docs increases the chance of credential leakage.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents `fj repo delete owner/repo` as a normal operation without any adjacent warning, confirmation requirement, or instruction to obtain explicit user approval first. In an agent skill, this increases the chance that an automated workflow could execute an irreversible destructive action on the wrong repository or without sufficiently informed consent, especially because the skill otherwise encourages direct command execution against a live Forgejo instance.

VirusTotal

64/64 vendors flagged this skill as clean.