One-click installation of GitHub projects

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for using an external GitHub project installer, but users should treat any repository install/run step as potentially executing local code.

Install this only if you understand that ginstall may clone repositories, install packages, and run project scripts on your machine. Prefer guided or plan-only mode for unfamiliar repositories, avoid --yes unless the repo and environment are trusted, verify the external ginstall CLI source/version, and use a least-privilege GitHub token only when private repository access is needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding:
The README explicitly promotes cloning arbitrary GitHub repositories, installing dependencies, and running development scripts, but it does not clearly warn that these actions execute untrusted code and can modify the local system. In this skill context, that omission matters more because the whole purpose of the skill is automated repository setup, which increases the chance that users or agents will execute package scripts without sufficient scrutiny.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill explicitly guides the agent to clone arbitrary GitHub repositories, install dependencies, and run development scripts, but it does not warn that these actions can modify the local system and execute untrusted code. In this context, `npm install` lifecycle hooks and dev/start scripts from third-party repos can run attacker-controlled commands, so omitting a safety warning materially increases the chance of unsafe execution.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill documents a non-interactive `--yes` mode that auto-approves steps without warning that prompts are skipped and execution may proceed automatically. Because the tool's purpose is to clone repos, install dependencies, and run scripts, enabling silent auto-approval materially raises the risk of unattended execution of untrusted code and unexpected system changes.

VirusTotal

65/65 vendors flagged this skill as clean.
