clawlite-doc-sync

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-sync skill that edits Markdown docs and creates a scoped docs commit. This behavior is disclosed and aligned with its purpose.

Install this only for repositories where you are comfortable letting the agent update documentation and create a docs commit. Run it on a feature branch, review the resulting diff and commit before merging, and pay attention to any questions about version bumps, security wording, large rewrites, or TODO changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The skill goes beyond document synchronization and performs an automatic `git commit`, which is a side effect that changes repository history. Even if intended as workflow automation, creating commits without an explicit user approval step can be abused to persist unwanted edits, hide malicious documentation changes in a seemingly routine docs commit, or bypass normal review expectations.

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The skill performs source-control commit operations as part of a documentation task, which expands its authority from editing text to altering version-control state. This is dangerous because a user invoking a docs-sync skill may not expect irreversible repository-history actions, and an adversarial or flawed skill could use that authority to package unintended changes into a commit.

Missing User Warnings

Medium, 93% confidence
Finding
The skill instructs automatic edits to repository files and later an automatic commit, but it does not prominently warn the user up front that running the workflow will modify files and create version-control artifacts. Lack of informed consent increases the risk of surprising destructive or policy-violating actions, especially in automation contexts where users may treat the skill as read-only analysis.

VirusTotal

65/65 vendors flagged this skill as clean.
