Security audit

Istore Build Passwall

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its stated PassWall workflow setup, but it asks for powerful GitHub access and can overwrite a repository without enough safety controls.

Review carefully before installing. Use only a disposable fork or new branch, back up the repository first, avoid pasting a PAT into chat or command lines, prefer GitHub CLI or a fine-grained short-lived token limited to the target fork, revoke the token afterward, and inspect the workflow and generated .run installer before running it on a router.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly asks the user to provide a GitHub Personal Access Token with broad `repo` scope and then uses it for repository writes and API permission changes, but it does not warn about secret handling, least-privilege scoping, or safer alternatives. This creates a real credential-exposure risk because the token may be revealed to the agent runtime, logs, shell history, or command transcripts.

Missing User Warnings

High
Confidence: 99%
Finding
The skill states it will force-push to the user's repository and overwrite existing contents, but it does not require an explicit destructive-action confirmation or backup step. This is dangerous because a mistaken repository, branch, or fork state can cause immediate and irreversible data loss in the user's repo.

Ssd 3

High
Confidence: 99%
Finding
The skill instructs the agent to solicit the user's PAT and embed it directly into remote URLs and API calls. Embedding credentials in command lines is particularly unsafe because tokens can leak via process listings, shell history, logs, crash reports, or repository remotes/config, making unauthorized repository takeover possible.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.