ClawHub

skill-quick-publish

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed publishing helper that can push a skill to GitHub, create a Bear note, and publish to ClawHub when the user runs it.

Use --dry-run first, verify the resolved skill path, GitHub repo, branch, version, and changelog, and inspect the skill folder for private files before publishing. Use --skip-bear if you do not want release metadata or changelog text written to Bear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly automates cloning, copying files, committing, and pushing to a remote GitHub repository, but the user-facing description does not prominently warn that invoking the skill will modify a remote repo. This can lead to unintended publication of sensitive or unreviewed content, especially because the workflow is presented as a one-click automation and may be triggered by broad phrases like 'publish skill' or 'push skill'.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The Bear sync step sends changelog and skill metadata to Bear using grizzly credentials, but the skill documentation does not clearly warn users that publishing content may be copied into an external notes system. This creates a privacy and data-handling risk if changelog text or skill metadata contains sensitive information, and the fallback logging behavior may further expose details in stdout or logs.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script automatically creates or appends a Bear note containing skill metadata, changelog text, and version information without an explicit confirmation step. In a one-click publishing workflow, this can leak project names, release timing, or sensitive changelog content into a synced note system unexpectedly, especially if Bear or grizzly syncs across devices or cloud services.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script clones a remote repository, copies the entire skill directory, commits, and pushes to GitHub without an interactive confirmation. Because this is a one-click publisher, a mistaken repo value, inherited environment setting, or accidental invocation can cause immediate public release of code or embedded secrets, making the impact materially higher than a normal local automation step.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs a remote ClawHub publication directly after prior steps, again without explicit user confirmation at the point of release. In the context of a publishing automation skill, this behavior can unintentionally release proprietary or unreviewed content to an external registry, which is difficult to retract and increases distribution risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal