GitVerse API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent GitVerse integration skill, but users should treat its token and pull-request creation command as real account access.

Install only if you want an agent to access GitVerse through your account. Use a token with the smallest needed scope, protect any .env file from being committed or shared, confirm repository and branch names before creating pull requests, and leave GITVERSE_BASE_URL unset unless you intentionally trust a custom endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly documents a command to create pull requests, which is a remote write operation that changes state in a user repository, but it does not warn users that this action is non-read-only. In an agent/skill context, unclear disclosure around write-capable commands increases the chance of unintended repository modifications if the tool is invoked under ambiguous user intent.

Missing User Warnings

Low
Confidence: 83%
Finding
The README instructs users to place an API token in an environment variable or .env file without any guidance on secret handling, storage permissions, or avoiding accidental commits. While common, this omission can lead to credential leakage through shell history, insecure file permissions, or committed .env files.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation exposes authenticated commands that can create issues, close issues, add comments, create pull requests, and merge pull requests, but it does not clearly warn that these actions modify remote state. In an agent-skill context, that omission is risky because users or higher-level automation may treat the commands as routine inspection actions and unintentionally perform destructive or policy-sensitive operations against live repositories.

Missing User Warnings

Low
Confidence: 89%
Finding
The setup instructions tell users to export a GitVerse API token but do not warn that the token is a sensitive credential granting authenticated access to potentially private repositories and write operations. In an agent environment, normalizing inline token setup without handling guidance increases the chance of credential exposure, misuse, or over-privileged execution.

Missing User Warnings

Medium
Confidence: 94%
Finding
The createPull function performs a state-changing remote operation against GitVerse using caller-supplied parameters, but this file provides no confirmation, dry-run mode, or explicit warning that it will create a pull request. In an agent/tooling context, this increases the risk of unintended writes caused by prompt injection, user misunderstanding, or autonomous execution against the wrong repository or branch.

Missing User Warnings

Medium
Confidence: 90%
Finding
The createPull function performs a state-changing remote operation against GitVerse by creating a pull request, but this file contains no explicit confirmation, dry-run mode, or user-facing warning before executing the write. In an agent skill context, that increases the risk of unintended repository changes if upstream prompts, parameters, or tool invocations are influenced by ambiguous or adversarial input.

VirusTotal

65/65 vendors flagged this skill as clean.
