ClawHub

github-pr-knowledge-wiki-sync

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can read full GitHub PR diffs and publish generated content to Feishu or WeCom without a clear confirmation or redaction step.

Review generated content before allowing Feishu or WeCom sync. Use the Markdown target for sensitive PRs, verify the destination knowledge base is appropriate for the repository, and ensure GitHub/wiki credentials have only the access needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly describes an automated pipeline that pulls PR data, analyzes code changes, generates documentation, and then writes the results into Feishu Wiki or WeCom documents, but it does not warn about write-side effects, data propagation, or the possibility of syncing sensitive code/context into external knowledge systems. In this context, the skill handles potentially sensitive repository metadata and diffs, so silent or poorly signposted publication to third-party collaboration platforms creates a real risk of unintended disclosure or unauthorized modification of organizational documentation.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases include broad natural-language requests such as asking what a PR changed or asking for help generating documentation, which can cause the skill to activate unintentionally in ordinary conversation. Because this skill pulls PR data, analyzes code changes, and may publish content to external knowledge platforms, accidental activation can lead to unintended processing and disclosure of repository information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill advertises automatic PR analysis and synchronization to Feishu Wiki or WeCom docs, but it does not clearly warn users that PR content, code diffs, commit history, and possibly sensitive internal code will be transmitted to external documentation systems. In a development context, this is dangerous because PRs often contain proprietary code, internal architecture details, secrets-adjacent material, or security-relevant changes that should not be silently exported.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow collects full PR metadata and code diffs, then transmits the generated documentation to external platforms such as Feishu Wiki or WeCom Docs without any explicit consent, warning, sensitivity check, or scope limitation. Because PR bodies and diffs can contain proprietary code, internal URLs, secrets, or security-relevant implementation details, this creates a real data exfiltration and confidentiality risk.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The markdown export path writes generated documentation containing PR-derived content to local disk, which may persist sensitive code summaries or internal metadata in an unexpected location. While local file output is less severe than third-party sync, the absence of a clear notice or path safety controls can still lead to unintended disclosure through shared directories, checked-in files, or insecure workstation storage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal