Code Research Crafter

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and instruction-only, but it can publish code-research output to GitHub through the user's account without a clear final approval and privacy check.

Install only if you want an agent to research a codebase and help publish RFCs. Before any publication, review the final RFC, confirm the target repository and GitHub account, remove private code details or internal plans, and require explicit approval before running gh, curl, or browser-based posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Low
Confidence: 88%
Finding
The README explicitly describes submitting RFCs to GitHub via `gh` CLI or API, but it does not clearly warn that this can perform external network actions and publish content to a real remote service. In an agent-skill context, unclear documentation around outbound actions can lead users or downstream agents to trigger unintended repository changes or public disclosures.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The README states that documentation language is selected automatically based on project type rather than explicit user choice. While not a direct code-execution flaw, this creates an autonomy/consent issue in agent behavior and can cause the skill to generate output in an unintended language, increasing the risk of misunderstandings or accidental disclosure to the wrong audience.

Natural-Language Policy Violations

Medium
Confidence: 79%
Finding
The release notes reinforce the same automatic language-rule behavior without user opt-in, indicating the behavior is intentional and part of the skill design. In a publishing-oriented skill, automatic locale decisions can lead to incorrect or publicly posted content that the user did not explicitly approve.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README advertises publishing RFCs to GitHub via `gh` CLI without clearly warning that repository content, proposal text, metadata, or project details may be transmitted to an external service and potentially made public. In a skill specifically designed to research codebases and publish outputs, this omission increases the risk of accidental disclosure of sensitive or proprietary information.

Missing User Warnings

Low
Confidence: 87%
Finding
The skill instructs writing `research-context.md` into the user's workspace as part of normal execution, but it does not explicitly warn that local files will be created or modified. This can lead to unexpected workspace changes, especially if run in a repository where generated artifacts may be mistaken for intentional edits or later committed.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill includes direct GitHub publication steps that can create a remote issue and upload RFC content, but it does not require an explicit consent gate immediately before publication. Because the workflow handles potentially sensitive code-analysis output, publishing to a public or shared repository could disclose internal details or create unauthorized external actions.

VirusTotal

64/64 vendors flagged this skill as clean.