Gitlab

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent GitLab CLI helper, but it gives an agent broad write and API authority without clear safety guardrails.

Install only if you are comfortable letting the agent use your authenticated GitLab CLI context. Use a least-privilege GitLab token, review commands before execution, and require explicit approval for merges, approvals, releases, CI retries, variable changes, non-GET API calls, and anything that could expose private project data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill includes state-changing GitLab operations such as approving, merging, checking out merge requests, and creating issues/MRs without any caution that these actions modify project state or may trigger downstream automation. In an agent context, presenting write-capable commands as routine examples increases the risk of unintended merges, comments, or workflow changes if the agent executes them without explicit user confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented commands include retrying pipelines and modifying CI/CD variables, both of which can materially affect builds, deployments, secrets, and production behavior. Without warnings, an agent may treat them like harmless inspection commands, leading to accidental reruns, environment changes, or secret mishandling.

Missing User Warnings

Medium
Confidence: 92%
Finding
`glab api` provides generic access to GitLab REST and GraphQL endpoints, which can be used not only for reads but also for writes and access to sensitive project, user, or token-scoped data. Documenting this broad capability without guardrails is risky because it gives an agent a flexible primitive that can bypass safer higher-level command restrictions.

Missing User Warnings

Medium
Confidence: 93%
Finding
Creating a release publishes versioned metadata and may trigger automation, user notifications, or artifact distribution, making it a meaningful state-changing action. Because the skill presents `glab release create` without warning, an agent could initiate an unintended public or internal release as part of routine task execution.

VirusTotal

64/64 vendors flagged this skill as clean.
