GitLab Agent Profile

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GitLab profile-stat updater that reads GitLab activity and writes chart/proof assets, with some configuration risks users should handle carefully.

Install only where a GitLab token and automated profile asset updates are appropriate. Prefer a read-only GitLab token, keep output variables pointed inside the intended assets directory, and review the generated JSON proof before publishing it if project activity may be private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    webp_output.parent.mkdir(parents=True, exist_ok=True)
    magick = shutil.which("magick")
    if magick:
        subprocess.run([magick, str(svg_output), str(webp_output)], check=True)
        return
    convert = shutil.which("convert")
    if convert:
Confidence
90% confidence
Finding
subprocess.run([magick, str(svg_output), str(webp_output)], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        return
    convert = shutil.which("convert")
    if convert:
        subprocess.run([convert, str(svg_output), str(webp_output)], check=True)
        return
    npm = shutil.which("npm")
    if npm:
Confidence
90% confidence
Finding
subprocess.run([convert, str(svg_output), str(webp_output)], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        return
    npm = shutil.which("npm")
    if npm:
        subprocess.run(
            [
                npm,
                "exec",
Confidence
91% confidence
Finding
subprocess.run( [ npm, "exec", "--yes", "sharp-cli", "--", "--input",

Tainted flow: 'webp_output' from os.environ.get (line 345, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
    webp_output.parent.mkdir(parents=True, exist_ok=True)
    magick = shutil.which("magick")
    if magick:
        subprocess.run([magick, str(svg_output), str(webp_output)], check=True)
        return
    convert = shutil.which("convert")
    if convert:
Confidence
97% confidence
Finding
subprocess.run([magick, str(svg_output), str(webp_output)], check=True)

Tainted flow: 'webp_output' from os.environ.get (line 345, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
        return
    convert = shutil.which("convert")
    if convert:
        subprocess.run([convert, str(svg_output), str(webp_output)], check=True)
        return
    npm = shutil.which("npm")
    if npm:
Confidence
97% confidence
Finding
subprocess.run([convert, str(svg_output), str(webp_output)], check=True)

Tainted flow: 'webp_output' from os.environ.get (line 345, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
        return
    npm = shutil.which("npm")
    if npm:
        subprocess.run(
            [
                npm,
                "exec",
Confidence
98% confidence
Finding
subprocess.run( [ npm, "exec", "--yes", "sharp-cli", "--", "--input",

VirusTotal

65/65 vendors flagged this skill as clean.
