GitHub Release Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a real GitHub release helper, but its CLI can run unsafe shell commands and publish repository changes with too few guardrails.

Review or patch the CLI before installing. Do not pass untrusted version strings, and do not run gh-release release in repositories with secrets, unrelated changes, or unreviewed files. Prefer manual git status/diff review and explicit tagging or pushing until the tool validates version input and adds confirmation controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
import sys

def run(cmd: str, check: bool = True) -> None:
    """Run shell command"""
    print(f"→ {cmd}")
    # Flagged line: the command string is handed to a shell (shell=True),
    # so any untrusted input in cmd is interpreted by the shell.
    result = subprocess.run(cmd, shell=True, check=check)
    if result.returncode != 0:
        sys.exit(result.returncode)
Confidence
98% confidence
Finding
result = subprocess.run(cmd, shell=True, check=check)

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The init workflow silently sets hardcoded git identity values after initializing a repository, which goes beyond expected release setup behavior and modifies user configuration context. This can cause misattributed commits and could be abused to impersonate a fixed identity in repositories where users expect only initialization behavior.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The release command stages all files, creates a commit, tags it, and pushes to the remote, which is far broader than simple release/version management. In a skill context, this increases danger because it can publish unintended files, secrets, or unreviewed changes with a single command invocation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow performs staging, commit, tag, and push operations without any confirmation, preview, or warning. In an automation skill, that makes accidental publication of sensitive or unintended repository contents significantly more likely, especially because it stages everything with git add . before pushing.

VirusTotal

No VirusTotal findings
