GitHub Issue Reply Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill locally drafts GitHub issue replies, with a visible but ancillary premium payment-link upsell that users should review before using.

Use this as a local draft helper and review replies before posting them. Treat the SkillPay upgrade link as an external payment flow: do not open or pay through it unless you trust the publisher, and avoid using sensitive, stable personal identifiers as `user_id`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable code and references local scripts/tests, while the metadata shown declares no permissions despite detected capabilities for environment access and file reads. That mismatch is dangerous because users and policy systems cannot accurately assess what the skill may access at runtime, increasing the chance of unintended data exposure from local files or environment variables.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill includes payment-link generation and premium upsell behavior even though its stated function is drafting GitHub issue replies. This expands the trust boundary unnecessarily and can route users to externally controlled payment infrastructure via environment-configured URLs, creating phishing, monetization abuse, or deceptive workflow risks in a context that should be purely productivity-focused.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Reading billing-related environment variables is not justified by the declared issue-reply functionality and allows runtime configuration of user-facing payment destinations. In agent environments, environment variables are part of sensitive execution context; using them for undisclosed monetization logic increases the chance of redirection to attacker-controlled endpoints or policy-violating exfiltration of user identifiers.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The contract explicitly defines a billing charge request that sends `user_id` and arbitrary `metadata` to an external endpoint, but it does not state any data-minimization, consent, or restriction requirements for what may be included. In the context of an agent skill, this can lead implementers to forward user/system-derived content to third-party billing infrastructure without clear safeguards, creating privacy and data-handling risk beyond what is necessary for payment processing.

VirusTotal

66/66 vendors flagged this skill as clean.
