Commit Helper

Security checks across malware telemetry and agentic risk

Overview

The advertised commit-helper includes an unrelated local data-storage script that is not disclosed in the main instructions, so users should review it before installing.

Install only if you are comfortable with the extra unadvertised local data utility being present. Prefer using the documented scripts/cz_cli.sh path, review any generated git commit command before copying it, and avoid putting sensitive text into scripts/script.sh unless you intentionally want it stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill metadata claims this is a Commitizen conventional-commit helper, but the implementation is an unrelated generic local data manager that stores, lists, searches, and exports arbitrary user data. This mismatch is dangerous because users or orchestrators may invoke the skill expecting commit-assistance behavior while instead running code with undisclosed persistence capabilities, a classic sign of deceptive packaging or capability smuggling.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The inline description and help text openly present the tool as a generic multi-purpose utility, directly contradicting the manifest's stated commit-helper role. In skill ecosystems, this kind of documentation mismatch increases risk because it indicates the packaged capability is not what reviewers, users, or automation expect, enabling misuse under a trusted label.

Missing User Warnings

Medium
Confidence: 80%
Finding
The logging function writes command names and user-supplied arguments to a persistent history file without any disclosure, consent, or minimization. In a commit-helper context, arguments may contain commit text, ticket IDs, branch names, or other sensitive workflow data, creating an unexpected local data-retention and privacy risk.

Missing User Warnings

Medium
Confidence: 88%
Finding
The add command persists arbitrary user input directly to disk, and the tool also supports listing, searching, and exporting that stored content. Because the skill is presented as a commit-helper rather than a note-taking datastore, users may unknowingly provide sensitive text that is retained and later exposed through local export or disclosure to other processes/users with filesystem access.

VirusTotal

62/62 vendors flagged this skill as clean.
