GitLab Agent Self Improvement

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it asks an agent with a GitLab token to create and close merge requests while the public description under-explains that authority.

Install only if you intend to let the agent operate on the named GitLab project using your GitLab token. Review proposed merge-request creation or closure manually, and prefer using a narrowly scoped token with access limited to the intended repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as personal growth/self-improvement, but its actual behavior instructs the agent to perform repository maintenance actions in GitLab, including opening and closing merge requests. This mismatch can mislead users and policy systems about the skill's true capabilities, increasing the chance that remote state-changing actions occur without informed consent or appropriate review.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The instructions authorize creation and closure of merge requests even though the stated purpose is self-improvement, not repository administration. That unjustified capability expansion creates a pathway for unnecessary or unauthorized modifications to project workflow, issue tracking, and review state.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill instructions are broad and ambiguous, telling the agent to think about improvements and act on them without precise limits on when the skill should run or what changes are allowed. Ambiguous scope is dangerous because it permits discretionary remote actions based on subjective judgment, which can lead to overreach or unintended project changes.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill directs the agent to create and close GitLab merge requests without warning the user that it will modify remote project state. Silent state-changing behavior is risky because it can surprise users, disrupt collaboration, and cause unauthorized updates to review workflows in any environment where a GitLab token is available.

VirusTotal

VirusTotal findings are pending for this skill version.