atomgit

Security checks across malware telemetry and agentic risk

Overview

This is a transparent AtomGit/GitCode API helper, but it gives broad account and repository authority and includes some endpoints outside its stated repository-management purpose.

Install only if you intend to let an agent operate your AtomGit/GitCode account through raw API calls. Use a dedicated minimally scoped token, avoid broad long-lived credentials where possible, and require explicit confirmation before delete, transfer, merge, collaborator, webhook, SSH-key, file, release, organization, or enterprise changes. Be aware that the skill also documents AI/media and OAuth endpoints beyond ordinary repository management.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is declared and described as a repository-management capability, but it also exposes unrelated AI chat, audio transcription, and video generation endpoints. This is dangerous because it expands the skill's effective privilege and data-exfiltration surface beyond user expectations, enabling transmission of arbitrary prompts, audio, or other content to external services under the same bearer token.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
General AI, audio, and video capabilities are unjustified for a repo-management skill and violate least-privilege and least-surprise principles. Users may authorize this skill expecting Git operations, while the skill can also send arbitrary text and files to unrelated external APIs, increasing risk of sensitive data disclosure and misuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises direct curl-based execution of repository operations, and later includes destructive actions such as deleting repositories, removing branches, deleting files, removing collaborators, and merging PRs, but provides no confirmation or safety workflow guidance. In an agent setting, this raises the chance of accidental destructive operations from ambiguous prompts or prompt-injection-influenced requests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to provision a broad-scope token including write_repository, issues, and pull_requests permissions, but does not include meaningful security guidance on token minimization, storage, rotation, or the consequences of exposing the token to an agent skill. That increases the blast radius if the skill is misused, compromised, or prompted into unintended operations.

External Transmission

Medium
Category
Data Exfiltration
Content
# AI chat completion
curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"model":"qwen-plus","messages":[{"role":"user","content":"Hello"}]}' \
  https://api.gitcode.com/api/v5/chat/completions

# Audio transcription
curl -X POST -H "Authorization: Bearer $TOKEN" \
Confidence
94% confidence
Finding
https://api.gitcode.com/

External Transmission

Medium
Category
Data Exfiltration
Content
# Audio transcription
curl -X POST -H "Authorization: Bearer $TOKEN" \
  -F "file=@audio.mp3" \
  https://api.gitcode.com/api/v5/audio/transcriptions

# Video generation
curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
Confidence
96% confidence
Finding
https://api.gitcode.com/

External Transmission

Medium
Category
Data Exfiltration
Content
# Video generation
curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"prompt":"A cat playing guitar"}' \
  https://api.gitcode.com/api/v5/video/generate
```

---
Confidence
92% confidence
Finding
https://api.gitcode.com/

VirusTotal

66/66 vendors flagged this skill as clean.
