ClawHub

Yeet

Security checks across malware telemetry and agentic risk

Overview

This skill is not deceptive, but it gives an agent broad authority to publish repository changes to GitHub without enough built-in confirmation gates.

Install only if you want an agent to publish code through GitHub. Before use, review `git status` and the diff, make sure no secrets or unrelated files are present, and require the agent to ask before staging, committing, pushing, or creating the PR.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to stage all changes, commit, push to a remote, and create a GitHub pull request, but it does not require an explicit confirmation immediately before modifying the repository and publishing changes. Those actions are state-changing and network-facing, so if the skill is invoked in the wrong context or with an overbroad diff, it could unintentionally publish sensitive or unintended changes.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation text is broad enough that an agent may select this skill for loosely related requests such as 'prepare this branch for review,' even when the user did not explicitly authorize staging, committing, pushing, or opening a PR. In this context, that can lead to unintended source-control actions and external publication of code via GitHub, which is materially risky because the skill description says it should be used only for an explicit one-flow request.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal