Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed publishing helper, but users should review the directory contents before letting it push anything publicly.

Install only if you want a tool that can modify SKILL.md, create or use a Git repository, create a public GitHub repo, push code, and publish to ClawdHub. Before approving publication, inspect the skill directory, remove secrets and private files, and ensure .gitignore excludes build artifacts or credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The script's advertised purpose is documentation/publishing assistance, but it performs materially broader actions: creating a public GitHub repository and publishing to ClawdHub. Even though it prompts the user before publishing, this capability mismatch can cause users to disclose local project contents externally under a misleadingly narrow description.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script creates a remote public repository and publishes content to external services, which is a higher-risk capability than the stated marketing/documentation purpose suggests. This matters because users may run it in a skill directory containing sensitive files, leading to unintended public disclosure.

Context-Inappropriate Capability

Low
Confidence: 88%
Finding
Initializing git and running 'git add .' stages every file in the working directory for the commit, which can accidentally capture secrets, build artifacts, or unrelated local data. Because this happens automatically once the user confirms publishing, it increases the chance of over-collection before a push to a remote repository.

Missing User Warnings

Medium
Confidence: 95%
Finding
The publishing section describes pushing code to GitHub and ClawdHub but does not prominently warn that local repository contents may be sent to third-party services. In a skill context, this can lead users to publish sensitive files, secrets, internal code, or unintended assets if they assume the tool only generates documentation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script rewrites SKILL.md frontmatter based on an interactive choice but does not obtain explicit confirmation right at the modification point or offer a backup/preview. Silent local file modification is risky because it can overwrite user-authored metadata and create unexpected downstream changes before publication.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script stages all files, commits, creates or uses a GitHub remote, and pushes content, but these high-impact actions are not clearly disclosed upfront in the skill description/comments. Although there is a publish confirmation, users are not given a detailed summary of what files will be committed and pushed or warned that the repo will be public.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script publishes the local directory to ClawdHub without clearly enumerating what files or metadata are sent. This can expose more content than the user expects, especially if the working directory contains extra files not intended for distribution.

VirusTotal

66/66 vendors flagged this skill as clean.
