GitHub Repository Deep-Dive Interpreter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GitHub repository research workflow, but users should be careful before using it on private or sensitive repositories because it relies on external tools.

Use this skill for public GitHub repository research. Before using it on private, internal, or strategically sensitive projects, confirm that you are comfortable with GitHub CLI access and external summarization or community-search tools receiving repository URLs, README content, and derived queries. Review the dependent skills separately because their implementations are not included here.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium (91% confidence)
The README explicitly describes using Agent-Reach to search and aggregate third-party community content from platforms like Twitter/X, Reddit, and HackerNews, but it does not warn users that the skill will perform outbound network access or retrieve external data. In an agent setting, undisclosed network activity can surprise users, expose queried repository interests to third parties, and pull in untrusted content that may influence later outputs.

Vague Triggers

Medium (90% confidence)
The trigger phrases are broad and map to common user intents such as project analysis, architecture analysis, and repo research. This can cause unintended activation of the skill in contexts where the user did not explicitly request this workflow, potentially leading to unnecessary external data access, summarization, and content generation across multiple dependent tools.

Vague Triggers

Medium (83% confidence)
The trigger phrases are broad enough that ordinary user requests such as comparing repositories or generating a technical report may invoke this skill unexpectedly. Because the workflow performs multiple external actions, including network lookups and third-party summarization, accidental activation can cause unintended data processing and outbound requests.

Missing User Warnings

Medium (92% confidence)
The workflow sends repository content and derived queries to external services, including a summarization model and community-search platform, without any explicit notice, consent, or privacy boundary. Even if aimed at public repositories, users may provide private URLs or sensitive internal projects, leading to unintended disclosure to third parties.

VirusTotal

65/65 vendors flagged this skill as clean.