ClawHub

file-change-tracker

Security checks across malware telemetry and agentic risk

Overview

This skill deliberately creates local Git recovery snapshots around file edits, and the artifacts disclose that behavior clearly enough for its stated purpose.

Install only if you want an agent to make local Git recovery commits around edits. Use narrow target paths, check .gitignore and guarded-edit.ignore before broad directory changes, and avoid including secrets or generated output you do not want preserved in local Git history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script's PRE/POST workflow creates real Git commits to capture snapshots, which changes repository history rather than merely recording batch metadata. For a 'file-change tracker' skill, this is dangerous because it can silently alter the user's branch, trigger downstream automation, and leave persistent history artifacts unrelated to the user's intended work.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The helper calls 'git init' when executed outside an existing repository, giving a tracking utility the ability to create a repository as a side effect. This exceeds the declared purpose and can unexpectedly transform arbitrary directories into Git repos, changing user workflows and causing later commands to operate under false assumptions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script writes local Git 'user.name' and 'user.email' if unset, modifying repository configuration unrelated to simple change tracking. This can misattribute commits, hide the true origin of automated changes, and make later audit or authorship review harder, especially because the same script also creates commits.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that the skill may initialize a Git repository and create local commits, but this side effect is not presented as a prominent up-front warning. In an agentic workflow, users may invoke the skill expecting a safety wrapper around edits, yet it can materially alter on-disk repository state, create a new .git directory, and persist snapshots that may include unintended files within the declared target paths.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal