ClawHub

Repo Explainer

Security checks across malware telemetry and agentic risk

Overview

This skill coherently analyzes a user-supplied GitHub repository or local folder and generates reports, with some expected privacy and workspace-cleanup considerations.

Install only if you are comfortable with the agent reading the repository or local folder you ask it to analyze. Avoid pointing it at sensitive private code unless your agent/LLM environment is approved for that data, and do not store important manual work inside the generated ./workspace/<owner>__<repo>/ clone folder because reruns may replace it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def clone(owner: str, repo: str, branch: str | None, workdir: Path):
    target = workdir / f"{owner}__{repo}"
    if target.exists():
        subprocess.run(["rm", "-rf", str(target)], check=True)
    cmd = ["git", "clone", "--depth=1"]
    if branch:
        cmd += ["--branch", branch]
Confidence
91% confidence
Finding
subprocess.run(["rm", "-rf", str(target)], check=True)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly supports analyzing local directories and says Stage 4 requires an LLM, but it does not clearly warn that source-derived content from local repositories may be transmitted to an external model/provider. In a skill context, users may run this on unpublished or sensitive code, so the omission can cause unintended disclosure of proprietary source, secrets present in files, or internal metadata.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The README advertises single-file HTML reports for local directories, but notes Mermaid is loaded via CDN without warning that opening the generated report may trigger network requests. For local or sensitive projects, even passive outbound requests can violate expectations or leak usage metadata in restricted environments.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The local-directory mode analyzes directories in place and inspects git metadata, but the skill text does not prominently warn users that source files and repository metadata will be read. In the context of local paths, this can expose sensitive code, secrets in source, branch names, remotes, or commit identifiers beyond what a user may have intended to share.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Deleting an existing directory recursively without warning or confirmation is a genuine destructive behavior issue. In this skill, the repository workspace is reused and target names are deterministic, so a rerun can silently wipe prior analysis state or any files placed in that directory.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal