ClawHub

Auto Retex Backup

Security checks across malware telemetry and agentic risk

Overview

This skill openly aims to auto-document fixes, but it also tells the agent to automatically commit and push all workspace changes and recover GitHub credentials without prior user approval.

Review this skill carefully before installing. Only use it in a dedicated repository where automatic commits and pushes are acceptable, and do not let it access password managers or GitHub tokens unless you explicitly approve the exact files, branch, and remote destination first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill’s trigger is defined so broadly ('dès qu'un problème est résolu' / any friction point identified) that it can activate on many routine actions without clear user consent or repository scope checks. In context, that broad trigger directly feeds into mandatory documentation and Git publication steps, increasing the chance of unintended persistence or disclosure of work product.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill mandates automatic `git add -A`, `git commit`, and `git push` immediately after a fix, before any user-facing warning or approval. This is dangerous because it can publish unintended files, secrets, or sensitive operational details to a remote repository, especially when paired with a blanket add of all modified files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instruction to recover a GitHub token dynamically via 1Password if push fails encourages access to sensitive credentials without prior user notification or authorization. In this context, credential retrieval is tied to automatic remote publication, making the skill more dangerous because it normalizes secret access as part of an unattended workflow.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal