pipelinelint

Security checks across malware telemetry and agentic risk

Overview

PipelineLint is a local CI/CD scanner with disclosed licensing and optional git-hook integration. There is no evidence of exfiltration or deceptive behavior.

Use normal scan mode for read-only local analysis. Only run hook installation if you want PipelineLint to modify lefthook.yml and run on future commits or pushes. Prefer PIPELINELINT_LICENSE_KEY or the documented OpenClaw config over passing a license key directly on the command line, and review lefthook.yml after install or uninstall.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill invokes shell scripts (`bash <SKILL_DIR>/scripts/dispatcher.sh`) and also advertises hook-related installation behavior, but no explicit permissions model is declared in the manifest. That creates a trust and review gap: consumers may not realize the skill can execute local commands and modify repository state, increasing the risk of unintended command execution or filesystem changes.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The declared purpose is a local pipeline analyzer, but the documented behavior extends into license-key retrieval, feature gating, hook installation, config mutation, and status/reporting workflows. This mismatch is dangerous because users may invoke the skill expecting passive analysis while it performs broader actions involving secrets, local config files, and repository modifications.

Context-Inappropriate Capability

Severity: High
Confidence: 91%
Finding:
The script can modify repository state by creating or appending to lefthook.yml and installing Git hooks, which exceeds read-only analysis behavior expected from a pipeline scanner. In an agent-skill context, write-capable repository modification increases risk because a user may invoke the tool for analysis but unintentionally persist executable hook logic into their repo, affecting future commits and trust boundaries.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The help and top-level usage text disclose only status and patterns commands, while the parser also supports hooks and report, including state-changing behavior. Undocumented mutating commands are dangerous in a security-sensitive tool because they reduce informed consent and can mislead users or higher-level agents about the tool's actual capabilities.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The invocation phrases are broad and underspecified, making it easier for an orchestrating agent to trigger this skill on general repository review requests without clear boundaries. Because the skill executes shell commands over user-supplied paths, ambiguous routing can cause overbroad scans, unexpected access to unrelated files, or execution in the wrong directory context.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The example trigger "Check my GitHub Actions workflow" is generic enough to overlap with broader code review or repository audit requests, which can cause accidental invocation outside the intended narrow purpose. In an agent environment, ambiguous triggers increase the chance of unreviewed shell execution against large or sensitive directories.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The CLI license key is copied into an environment variable, which can increase exposure through process listings, inherited child environments, debugging output, or crash diagnostics. While not immediate secret exfiltration, this handling weakens secret hygiene and is risky for a tool likely to run in developer shells and CI environments.

VirusTotal

64/64 vendors flagged this skill as clean.
