Convert Github Repository

Security checks across malware telemetry and agentic risk

Overview

This skill is a repository conversion helper whose file, GitHub, token, and output-writing behavior fits its stated purpose, though its README contains stale generic examples users should not rely on.

Install only if you intend to export repositories. Provide only repositories you are comfortable converting, use a least-privilege GitHub token when needed, keep generated exports in a controlled folder, and treat the README API_KEY/read-write examples as stale until the publisher cleans them up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 81%
Finding: The skill explicitly instructs accessing local repositories via `.git` inspection and `git` commands, which implies local file-read capability, but no permissions are declared. Undeclared file access is a real security issue because users and the platform cannot accurately assess or constrain what local data the skill may read.

Intent-Code Divergence

Medium
Confidence: 88%
Finding: The README advertises generic read/write modes that do not align with the stated repository-conversion purpose, creating ambiguity about what the skill actually does. In an agent setting, this can lead users or orchestration systems to invoke broader file access or mutation behaviors than expected, increasing the chance of unintended repository modification or misuse.

Intent-Code Divergence

Medium
Confidence: 81%
Finding: The README states that an API key is required even though the skill is described as a local/repository conversion tool, which is an unnecessary privilege signal and may prompt users to provide sensitive credentials without clear need. This mismatch can normalize credential collection for a task that should likely run offline, raising the risk of secret exposure or hidden external calls.

Vague Triggers

Medium
Confidence: 77%
Finding: Leaving the trigger condition as a placeholder means the activation scope is undefined, which is risky for agent skills because it can cause the skill to run in unintended contexts. An overly broad or unspecified trigger can expose repositories or local paths to processing when the user did not explicitly request this conversion behavior.

Missing User Warnings

Medium
Confidence: 90%
Finding: Documenting a write mode without warning about data modification is dangerous because it understates the possibility of altering repository contents or input files. In a repository-focused skill, users may assume conversion is read-only unless explicitly told otherwise, so an undocumented write path increases the risk of accidental destructive changes.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill description does not warn users that repository metadata and potentially file contents may be sent to GitHub APIs or reproduced in generated exports. This creates a privacy and data-handling risk because users may provide local or sensitive repositories without understanding what information leaves the local environment or gets surfaced in outputs.

VirusTotal

VirusTotal findings are pending for this skill version.
