GitHub Trending Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill matches its GitHub notification purpose, but it ships a payment API key and exposes subscription and payment controls without adequate access protection.

Review before installing or deploying. Do not use the embedded SkillPay key; require it to be removed and rotated. Run the service only behind authentication or a private gateway, add signed SkillPay callback verification, restrict CORS, validate notification recipients, and clearly disclose what data is sent to Telegram, Discord, email, GitHub, and SkillPay.
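The "signed SkillPay callback verification" recommended above is shown here as an added example; it is not code from the skill, and the page does not document SkillPay's real signing scheme. The example assumes a common pattern (HMAC-SHA256 over "<timestamp>.<raw body>", carried in two headers whose names are placeholders) and adds the two checks a practitioner wants beyond the digest itself: a freshness window against replay and a constant-time comparison.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed scheme, not documented on this page: the provider signs the raw request
# body as HMAC-SHA256 over "<timestamp>.<body>" with the merchant secret and sends
# the timestamp and hex digest in two headers. Header names are placeholders.
SIGNATURE_HEADER = "X-SkillPay-Signature"
TIMESTAMP_HEADER = "X-SkillPay-Timestamp"
MAX_SKEW_SECONDS = 300


def sign_callback(secret: bytes, timestamp: int, body: bytes) -> str:
    """Signature the sender is assumed to attach (also used to build sample input)."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_callback(secret: bytes, headers: dict, body: bytes, now: Optional[int] = None) -> bool:
    """True only for a freshly timestamped, correctly signed callback.

    Verifies the raw bytes rather than re-serialized JSON, rejects stale or
    far-future timestamps (replay), and compares digests in constant time.
    """
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers.get(TIMESTAMP_HEADER, ""))
    except ValueError:
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    expected = sign_callback(secret, ts, body)
    provided = headers.get(SIGNATURE_HEADER, "")
    return hmac.compare_digest(expected, provided)


def handle_payment_callback(secret: bytes, headers: dict, body: bytes, now: Optional[int] = None) -> dict:
    """Reject unsigned or tampered callbacks before touching subscription state."""
    if not verify_callback(secret, headers, body, now):
        return {"status": 401, "error": "invalid signature"}
    event = json.loads(body)
    # Only a verified event may be used to mark a subscription as paid.
    return {"status": 200, "paymentId": event.get("paymentId"), "userId": event.get("userId")}


# Constructed sample traffic; the secret is made up and must never be committed.
SECRET = b"example-merchant-secret"
BODY = b'{"paymentId":"pay_123","userId":"u1","status":"paid"}'
NOW = 1_700_000_000
GOOD_HEADERS = {TIMESTAMP_HEADER: str(NOW), SIGNATURE_HEADER: sign_callback(SECRET, NOW, BODY)}

if __name__ == "__main__":
    print(handle_payment_callback(SECRET, GOOD_HEADERS, BODY, NOW))
    print(handle_payment_callback(SECRET, GOOD_HEADERS, BODY.replace(b"u1", b"u2"), NOW))
```

The verification runs over the exact bytes received; parsing the JSON first and re-serializing it would let an attacker-controlled body produce a different byte string than the one that was signed, so the signature check must come before any parsing.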

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding: The README includes a live-looking SkillPay API key instead of a placeholder, which is a direct secret exposure in documentation. If the key is real, anyone who reads the repository can reuse it for unauthorized API access, billing abuse, or account compromise; even if it is a test key, publishing realistic secrets normalizes unsafe handling and increases the chance of operational leaks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The subscription status endpoint returns the full stored subscription object for any supplied userId without any authentication or authorization checks. That object includes notification channel details and payment metadata such as paymentId, which enables unauthorized users to enumerate or retrieve other users' subscription and contact information.
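The access-control gap in this finding, and the "run only behind authentication" advice in the Overview, are illustrated below with an added example that is not the skill's code. The vulnerable handler reproduces the reported pattern; the hardened one authenticates the caller, enforces that the caller owns the requested userId, answers "not found" for foreign ids so the endpoint cannot be used for enumeration, and returns a minimized view without contact endpoints or payment identifiers. The in-memory stores and the bearer-token session mapping are constructed stand-ins for the skill's persistence layer.

```python
from dataclasses import asdict, dataclass
import hmac
from typing import Optional


@dataclass
class Subscription:
    user_id: str
    telegram_chat_id: Optional[str] = None
    discord_webhook: Optional[str] = None
    email: Optional[str] = None
    payment_id: Optional[str] = None
    active: bool = True


# Constructed in-memory stores standing in for the skill's database.
SUBSCRIPTIONS = {
    "alice": Subscription("alice", telegram_chat_id="123456", payment_id="pay_a1"),
    "bob": Subscription("bob", discord_webhook="https://discord.com/api/webhooks/1/abc", payment_id="pay_b2"),
}
# Opaque bearer tokens mapped to user ids (assumed session mechanism, not the skill's).
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


def status_vulnerable(user_id: str) -> dict:
    """Pattern the finding describes: any caller, any userId, full stored object back."""
    sub = SUBSCRIPTIONS.get(user_id)
    return {"status": 404} if sub is None else {"status": 200, "body": asdict(sub)}


def authenticate(headers: dict) -> Optional[str]:
    """Resolve a bearer token to a user id; constant-time compare against known tokens."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    token = auth[len("Bearer "):]
    for known, uid in SESSIONS.items():
        if hmac.compare_digest(known, token):
            return uid
    return None


def status_hardened(headers: dict, user_id: str) -> dict:
    """Authenticate, enforce ownership, and return only what the owner needs."""
    caller = authenticate(headers)
    if caller is None:
        return {"status": 401}
    if caller != user_id:
        # Same response as a missing record so foreign ids cannot be enumerated.
        return {"status": 404}
    sub = SUBSCRIPTIONS.get(user_id)
    if sub is None:
        return {"status": 404}
    # Minimized view: which channels are configured, never the raw chat id,
    # webhook URL, email address or paymentId.
    configured = (("telegram", sub.telegram_chat_id), ("discord", sub.discord_webhook), ("email", sub.email))
    channels = [name for name, value in configured if value]
    return {"status": 200, "body": {"userId": sub.user_id, "active": sub.active, "channels": channels}}


if __name__ == "__main__":
    print(status_vulnerable("bob"))
    print(status_hardened({"Authorization": "Bearer tok-alice"}, "bob"))
    print(status_hardened({"Authorization": "Bearer tok-bob"}, "bob"))
```

In a real deployment the Authorization header would be validated by the gateway or framework middleware rather than a dictionary lookup, but the ownership check (caller must equal the userId in the path) has to live in the handler itself; a gateway that only checks that some valid token is present still leaves the cross-user read in place.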

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding: The skill documentation describes collecting user identifiers and destination contact details such as Telegram chat IDs, Discord webhook URLs, and email credentials for notification delivery, but it does not disclose that this information will be transmitted to third-party messaging or email services. This creates a privacy and consent gap that can lead to unexpected data sharing, compliance issues, and misuse of sensitive contact endpoints if operators or users are not properly informed.
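The Overview asks for notification recipients to be validated. Because the three recipient types named in this finding are attacker-suppliable strings that the service later connects to, the check below is an added example (not the skill's code) of what that validation should enforce before a subscription is stored: Discord webhooks restricted to HTTPS on Discord's own hosts and webhook path (which also closes off SSRF to internal addresses or look-alike domains), Telegram chat IDs restricted to a signed integer, and email addresses sanity-checked. The allowlisted Discord hosts are an assumption about the legitimate destination, not something the page states.

```python
import re
from typing import Tuple
from urllib.parse import urlsplit

# Assumption: the only legitimate Discord destination is Discord's own webhook API.
DISCORD_WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
DISCORD_WEBHOOK_PATH = re.compile(r"^/api/webhooks/\d+/[A-Za-z0-9_-]+$")
TELEGRAM_CHAT_ID = re.compile(r"^-?\d{1,20}$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")


def validate_discord_webhook(url: str) -> bool:
    """Accept only https://discord.com/api/webhooks/<id>/<token> style URLs.

    Rejects other schemes, embedded credentials, non-default ports, query
    strings, and any host outside the allowlist (so raw IPs, link-local
    metadata addresses and 'discord.com.evil.example' all fail).
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    if port not in (None, 443) or parts.query or parts.fragment:
        return False
    host = (parts.hostname or "").lower()
    if host not in DISCORD_WEBHOOK_HOSTS:
        return False
    return bool(DISCORD_WEBHOOK_PATH.match(parts.path))


def validate_telegram_chat_id(chat_id: str) -> bool:
    """Telegram chat ids are integers; group/supergroup ids are negative."""
    return bool(TELEGRAM_CHAT_ID.match(chat_id))


def validate_email(addr: str) -> bool:
    """Length cap plus a conservative shape check; full RFC 5322 parsing is not the goal."""
    return len(addr) <= 254 and bool(EMAIL.match(addr))


def validate_recipient(channel: str, target: str) -> Tuple[bool, str]:
    """Gate for a /subscribe request: (accepted, reason)."""
    validators = {
        "discord": validate_discord_webhook,
        "telegram": validate_telegram_chat_id,
        "email": validate_email,
    }
    check = validators.get(channel)
    if check is None:
        return False, "unknown channel %r" % channel
    if not check(target):
        return False, "invalid %s recipient" % channel
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: one legitimate recipient per channel and a few hostile ones.
    for channel, target in [
        ("discord", "https://discord.com/api/webhooks/123/abc_DEF-9"),
        ("discord", "https://169.254.169.254/api/webhooks/1/x"),
        ("discord", "https://discord.com.evil.example/api/webhooks/1/x"),
        ("telegram", "-1001234567890"),
        ("email", "ops@example.org"),
        ("sms", "+15555550100"),
    ]:
        print(channel, target, validate_recipient(channel, target))
```

Validating at subscribe time is necessary but not sufficient: the delivery code should apply the same allowlist again when it actually opens the connection, so a record edited in storage cannot turn the notifier into an open HTTP client.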

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill advertises multi-channel notifications and subscription management but provides no user-facing warning that invoking these actions may send data to external services or alter notification state. This can mislead users into triggering outbound communications or recurring alerts without informed consent, which is especially concerning in an agent context where actions may be automated.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The /notify endpoint can trigger outbound delivery of repository information to third-party messaging or email platforms, yet the manifest does not disclose that external transmission will occur. In an agent ecosystem, this creates risk of unintended data sharing, spam, or misuse of configured notification channels because users are not adequately warned before execution.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding: The /subscribe endpoint enables recurring scheduled notifications, but the manifest does not warn that using it may create an ongoing background notification state. This can cause persistent unwanted messages or operational noise, particularly when agents invoke tools on a user's behalf without clearly surfacing durable side effects.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The code sends user identifiers, actions, timestamps, and billing-related usage data to a third-party endpoint for analytics without any visible consent, minimization, or disclosure mechanism. This creates a privacy and compliance risk because users may be tracked or profiled unexpectedly, and the skill context makes it more concerning since payment integration code also performs behavior logging unrelated to strict payment processing.

Ssd 3

Severity: High
Confidence: 99%
Finding: The example environment block contains what appears to be an actual API secret, creating immediate credential exposure risk. In the context of a pay-per-use integration, a leaked secret can enable fraudulent transactions, unauthorized service usage, and downstream financial or reputational damage.
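This finding and the earlier Intent-Code Divergence finding are the same defect in two places: a secret-named variable in documentation assigned something that looks live rather than a placeholder. The added example below (not the scanner's or the skill's code) is the kind of pre-publish check that catches it: it matches assignment-style lines in README or .env blocks whose names suggest a secret, accepts recognisable placeholders, and flags values that carry a known key prefix or are long and high-entropy. The `sk_live_` prefix and the sample README are constructed for the example; the real SkillPay key format is not stated on the page.

```python
import math
import re
from collections import Counter
from typing import Dict, List

# Assignment lines as they appear in .env blocks, README snippets, or shell exports.
ASSIGNMENT = re.compile(
    r"""^\s*(?:export\s+)?([A-Z][A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*)\s*[=:]\s*["']?([^"'\s#]+)"""
)
# Values that are clearly meant to be filled in by the reader.
PLACEHOLDER = re.compile(
    r"^(?:<.*>|\$\{.*\}|your[_-]|xxx+|changeme|replace[_-]me|example|placeholder|\.\.\.|todo)", re.I
)
# Constructed prefix standing in for whatever format the real provider uses.
KNOWN_PREFIXES = ("sk_live_", "sk_test_")


def shannon_entropy(s: str) -> float:
    """Bits per character; real keys sit well above English words or 'changeme'."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_value(value: str) -> str:
    """'placeholder', 'suspect' or 'benign' for a value assigned to a secret-named variable."""
    if PLACEHOLDER.match(value):
        return "placeholder"
    if value.startswith(KNOWN_PREFIXES):
        return "suspect"
    if len(value) >= 20 and shannon_entropy(value) >= 3.5:
        return "suspect"
    return "benign"


def scan_document(text: str) -> List[Dict[str, object]]:
    """Return one record per suspect assignment; the value is truncated so the
    report itself does not become a second copy of the secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGNMENT.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if classify_value(value) == "suspect":
            findings.append({"line": lineno, "name": name, "value": value[:6] + "..."})
    return findings


# Constructed README fragment; none of these values are real credentials.
SAMPLE_README = """
## Configuration
SKILLPAY_API_KEY=<your-skillpay-key>
SKILLPAY_API_KEY=sk_live_9Qm2xT7vB4kL8pR1sW6yZ3nH
TELEGRAM_BOT_TOKEN=123456789:AAHfG7kq2lZxWvCmT5pQnR8yJbD3eS4uV0w
DB_PASSWORD=changeme
SMTP_PASSWORD=hunter2
"""

if __name__ == "__main__":
    for f in scan_document(SAMPLE_README):
        print(f)
```

A check like this belongs in CI or a pre-commit hook so that a realistic-looking key never reaches the repository in the first place; once it has, the remediation in the Overview still applies (remove and rotate), because git history keeps the value even after the line is edited out.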

VirusTotal

64/64 vendors flagged this skill as clean.
