ClawHub

Issue To Pr

Security checks across malware telemetry and agentic risk

Overview

This skill matches its issue-fixing purpose, but it can use your GitHub login to fork repositories and run project code before every sensitive step is separately approved.

Review this before installing if you work with private or sensitive repositories. Use it only where you are comfortable letting an agent clone repos, edit local files, run project test/lint commands, and use your GitHub CLI identity. Ask for confirmation before forking, running project scripts, pushing branches, or creating PRs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
99% confidence
Finding
This is a clear mismatch because the declared description promises an end-to-end GitHub issue fixing and PR submission capability, but the actual code shown only performs local installation and uninstallation of the skill definition. The code does not fetch issue data, inspect repositories, modify code, create commits, or open pull requests. While installer logic can be supportive utility code, here it is the entirety of the provided implementation, so the actual behavior materially differs from the declared purpose.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The manifest description says the skill supports URLs in the format `https://github.com/{owner}/{repo}/issues/{number}`. However, the body documentation later states it also supports `owner/repo#123` and plain `#123` or `123` inputs, which is a direct contradiction in supported input formats rather than a mere omission.

Session Persistence

Medium
Category
Rogue Agent
Content
### Option 3: Manual Install

```bash
mkdir -p ~/.qoder/skills/issue-to-pr
cp SKILL.md ~/.qoder/skills/issue-to-pr/SKILL.md
```
Confidence
60% confidence
Finding
mkdir -p ~/.qoder/skills/issue-to-pr cp SKILL.md ~/.qoder

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal