ClawHub

github-health-diagnosis

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates GitHub health reports, but it automatically publishes potentially sensitive repository findings to Feishu Wiki without a clear opt-in or destination control.

Install only if you intend reports to be written to Feishu Wiki. Use it first on public or low-sensitivity repositories, provide an explicit Wiki space and parent node, and restrict GitHub and Feishu credentials to the exact repositories and spaces you want this workflow to access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The workflow consumes `{{input_repo}}` in steps 1 and 2, but the declared input schema requires `repo`. This interface mismatch can cause the workflow to analyze an unintended empty/default value or fail open/closed unpredictably, which is especially risky because the output is later published to Feishu Wiki. In this skill context, the issue is more dangerous than a simple reliability bug because it affects what repository data gets collected, analyzed, and externally published.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly describes publishing repository diagnostic results to Feishu Wiki, an external knowledge base, but does not mention user consent, data classification, redaction, or the risk of exposing internal repository metadata, code-review output, or security findings. In this skill context, the danger is elevated because the workflow aggregates potentially sensitive project health, issue, CI, and security information and then automatically distributes it outside the source system.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger metadata includes broad, common phrases such as '项目诊断', '项目报告', and '质量评估' that can overlap with ordinary user requests unrelated to this specific skill. Because this skill performs multi-step external actions and publishes output to Feishu Wiki, accidental activation could cause unintended repository analysis and external data publication.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example utterances are ambiguous and lack clear scoping or exclusion conditions; phrases like '生成项目诊断报告' or '这个项目代码质量怎么样' are natural-language requests that may match many contexts. In this skill, a misfire is more dangerous because execution chains into GitHub analysis, code review, card generation, and automatic Wiki publication, increasing the consequences of false activation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The workflow states that the report will be published to Feishu Wiki, but the user-facing description around the workflow does not present this as a clear warning or consent checkpoint before data leaves the analysis context and is persisted externally. This creates a risk of unintended disclosure of repository details, issue summaries, code-quality findings, or sensitive observations into a shared documentation system.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description mentions diagnosis and Feishu Wiki at a high level, but the invocation contract does not clearly present automatic external publication as an explicit side effect or make destination handling/consent requirements prominent in the input contract. That can lead users or calling agents to trigger repository analysis that automatically writes potentially sensitive summaries, issue excerpts, or code-review findings into a Feishu Wiki space. Because this skill chains data collection, code review, and publication, insufficient side-effect disclosure materially increases the risk of unintended data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal