ClawHub

commit-history-exporter

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its export scripts unsafely run user-supplied inputs through shell eval and its examples encourage command-line SVN passwords.

Review this skill before installing. Run it only on repositories you are authorized to inspect, avoid passing SVN passwords on the command line, and patch the scripts to remove eval and use safely quoted argument arrays. Treat exported reports as sensitive because they may include names, emails, commit messages, and internal file paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script accepts SVN credentials and later injects them into an `eval svn log ...` command path, which expands the security impact beyond simple export functionality. Even if intended for convenience, collecting credentials as direct parameters increases exposure through shell history, process listings, and accidental logging, making this a real security issue in an agent skill context.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger phrases are broad and overlap with common conversational requests such as viewing history or generating logs, which can cause the skill to activate in situations the user did not intend. In a skill that can enumerate repository history and potentially retrieve detailed commit messages, accidental activation can expose sensitive development metadata or commit content beyond user expectation.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation instructs users to place SVN usernames and passwords directly on the command line, which exposes credentials through shell history, process listings, logs, and telemetry. In this skill's context, that risk is especially significant because the workflow explicitly normalizes authenticated repository access and provides examples that encourage insecure secret handling.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The script exports author names and email addresses from repository history into local report files without any minimization, warning, or consent check. In enterprise environments, commit metadata may contain personal or internal contact information, and bulk export makes redistribution and secondary disclosure easier than browsing the repository directly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Accepting SVN credentials as positional arguments is unsafe because command-line arguments are often exposed to other local users via process inspection tools and retained in shell history. In an automation/agent setting, this is especially risky because users may unknowingly provide reusable repository credentials to a script that persists or echoes operational details.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The detailed export mode writes full commit messages and changed paths to a file, which can disclose sensitive internal information such as ticket references, system names, file locations, secrets accidentally committed in messages, or confidential project structure. In a commit-history-export skill, exporting metadata is expected, but silently defaulting to broad data capture still creates a real confidentiality risk if users do not realize how much data will be persisted.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal