ClawHub

auto-commit

Security checks across malware telemetry and agentic risk

Overview

This skill openly tells the agent to make local Git commits after code changes, which matches its purpose but needs careful use.

Install only if you want the agent to create local Git commits automatically after it changes code. In sensitive repositories, say "do not commit" when you want to inspect changes first, and keep secrets or unfinished work out of the working tree.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger scope is broad enough to activate on essentially any coding task, which can cause the skill to run in repositories or contexts where the user did not intend autonomous version-control actions. Broad activation increases the chance of unintended commits and compounds the risk of the later 'commit automatically' behavior.

Missing User Warnings

High
Confidence
97% confidence
Finding
Automatically creating git commits changes repository history, which is a significant side effect that users may not expect from a code-editing skill. In sensitive repositories, this can preserve partial secrets, proprietary code, or incorrect changes in commit history and may trigger downstream automation or policy hooks.

Missing User Warnings

High
Confidence
99% confidence
Finding
The explicit instruction to 'not ask for permission' removes the user's opportunity to review staged changes before a persistent repository action is taken. That makes accidental commits more likely and prevents informed consent for actions that may alter audit trails, expose sensitive data in history, or violate repository workflow requirements.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal