ClawHub

Workspace Git Setup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local Git setup skill that can create commits in a workspace, but I found no hidden network access, exfiltration, privilege escalation, or destructive behavior.

Install only if you want a tool that may initialize Git and locally commit your workspace. Run --dry-run or --audit first, inspect .gitignore and git status, and remember that local commits can still capture files not covered by the ignore rules even though the tool does not push to a remote.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
Several listed trigger phrases are broad, including requests like 'track my changes', 'back up my workspace', or similar natural-language variants that may appear in contexts unrelated to Git setup. Because this skill has mutating modes by default, trigger collisions could cause unintended execution, creating a repo, overwriting .gitignore, or staging/committing files the user did not mean to place under version control.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Several listed trigger phrases are broad, including requests like 'track my changes', 'back up my workspace', or similar natural-language variants that may appear in contexts unrelated to Git setup. Because this skill has mutating modes by default, trigger collisions could cause unintended execution, creating a repo, overwriting .gitignore, or staging/committing files the user did not mean to place under version control.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script runs `git add -A` and then attempts `git commit` across the entire workspace, which can capture far more content than a user expects, including previously overlooked files. In a skill explicitly marketed as safe Git setup and secret-guarding, this is especially risky because users may trust it to avoid accidental inclusion, yet the `.gitignore` is not exhaustive and existing tracked or uncommon sensitive files can still be committed.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal