ClawHub

Git Pushing

Security checks across malware telemetry and agentic risk

Overview

This skill performs the Git workflow it advertises, but it can publish all current repository changes to a remote without a built-in review or confirmation step.

Install only if you are comfortable with an agent staging every current repository change and pushing it to the configured Git remote. Before using it, review `git status`, the diff, the current branch, and the `origin` URL, especially in public repositories or workspaces that may contain secrets or unrelated edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation phrases are broad enough that ordinary conversation about saving or sharing work could trigger a stage/commit/push workflow without clear intent. In this context, unintended activation is dangerous because the skill stages all changes and publishes them to a remote, potentially exposing secrets, unfinished work, or unrelated modifications.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The usage criteria describe several ambiguous situations like completing a feature or wanting to share work, which do not clearly establish authorization to publish repository contents. Because this skill performs irreversible collaboration actions against a remote repository, vague invocation rules materially increase the chance of accidental commits and pushes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The markdown does not warn that the workflow stages all changes and pushes them to a remote repository, omitting the most security-sensitive side effects. In a source-control context, this can cause accidental inclusion of secrets, environment files, unrelated edits, or sensitive code and then immediately publish them upstream.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal