Xby Review Code

Security checks across malware telemetry and agentic risk

Overview

This looks like a remote code review helper, but it sends reviewed code to an external service and stores the service API key locally.

Install only if you trust the xiaobenyang service with the code you review. Do not submit proprietary code, secrets, or regulated data unless that provider is approved for it, and make sure the generated .env file containing XBY_APIKEY is protected and excluded from version control.
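As an added example (not the skill's own code), the following Python audit checks the two properties the overview asks for: that the generated .env file is readable only by its owner, and that it is excluded from version control. It assumes the skill wrote .env into the repository root and that exclusion is expressed through a .gitignore there; the `gitignore_covers` matcher is a simplified, hypothetical helper and does not reproduce git's full pattern semantics.

```python
"""Audit the .env file a review skill generates: owner-only mode bits and .gitignore coverage.

Hypothetical helper, not part of the Xby Review Code skill.
"""
from __future__ import annotations

import fnmatch
import os
import stat
import tempfile
from pathlib import Path


def gitignore_covers(gitignore_text: str, relpath: str) -> bool:
    """Return True if a non-negated .gitignore pattern matches relpath.

    Simplified matcher: handles plain names, globs, root-anchored ('/x')
    and directory ('x/') entries, but not '!' negation order or '**'.
    """
    name = os.path.basename(relpath)
    for raw in gitignore_text.splitlines():
        pat = raw.strip()
        if not pat or pat.startswith("#") or pat.startswith("!"):
            continue
        pat = pat.rstrip("/")
        if pat.startswith("/"):
            # Anchored to the repository root: match the full relative path only.
            if fnmatch.fnmatchcase(relpath, pat.lstrip("/")):
                return True
        elif fnmatch.fnmatchcase(name, pat) or fnmatch.fnmatchcase(relpath, pat):
            return True
    return False


def audit_env_file(repo: Path, env_name: str = ".env") -> list[str]:
    """Return the problems found; an empty list means the secret file is acceptably protected."""
    problems: list[str] = []
    env_path = repo / env_name
    if not env_path.is_file():
        return [f"{env_name} not found under {repo}"]

    # Any group or other bit means another local account can read the key.
    mode = stat.S_IMODE(env_path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{env_name} is group/world accessible (mode {mode:04o}); expected 0600")

    gitignore = repo / ".gitignore"
    text = gitignore.read_text() if gitignore.is_file() else ""
    if not gitignore_covers(text, env_name):
        problems.append(f"{env_name} is not excluded by .gitignore")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Run the audit against a constructed repository before and after hardening it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        env_path = repo / ".env"
        # Constructed sample content, not a real key.
        env_path.write_text("XBY_APIKEY=constructed-example-key\n")
        os.chmod(env_path, 0o644)  # the permissive mode a careless writer leaves behind
        before = audit_env_file(repo)

        os.chmod(env_path, 0o600)
        (repo / ".gitignore").write_text("# secrets\n.env\n")
        after = audit_env_file(repo)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before hardening:", before)
    print("after hardening:", after)
```

Run it once after installing the skill and again whenever the skill rewrites .env; the mode check matters most on shared workstations and CI runners, the .gitignore check before the first commit.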

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The skill is presented as a code review tool, but substantial instructions, API-key requirements, external URL, and project structure belong to an unrelated gaokao/school-query service. This kind of mismatched identity is dangerous because it can mislead users into supplying secrets or approving behaviors unrelated to the advertised function, a classic sign of deceptive or repurposed skill content.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The workflow says only code-review tools should be used, but the example invokes an unrelated `search_schools` function. Contradictory tool guidance can redirect the agent toward unintended functionality and is especially suspicious in a skill already showing identity mismatch, increasing the chance of unauthorized data handling or user confusion.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The documented package structure names a gaokao-specific project for a supposed code review tool, reinforcing that the skill may be repackaged or mislabeled. This inconsistency undermines trust review, obscures actual behavior, and can hide unexpected code paths involving external APIs and secret management.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The code-review skill includes functionality to persist an API key into a local .env file, which is outside the narrowly stated purpose of code review and scoring. While not inherently malicious, storing secrets on disk increases the chance of accidental disclosure through source control, backups, local compromise, or unsafe file permissions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
This file implements credential-management behavior even though the advertised skill is a code-review tool. In skill ecosystems, extra credential-handling capability broadens the trust boundary and can create unnecessary exposure of sensitive material without a clear functional need visible from the stated purpose.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The code saves an API key to .env without any visible user-facing warning, consent flow, or explanation of where the secret will be stored. This can cause users to unknowingly leave credentials on disk where they may be leaked via repository commits, logs, backups, or other local access.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
This function forwards raw source code and optional commit metadata to an external API without any in-function indication of consent, minimization, or sensitivity checks. In a code-review skill, transmitted code may contain proprietary logic, secrets, or regulated data, so silent exfiltration to a remote service creates a real confidentiality risk.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
Git diffs and commit messages often expose unreleased features, credentials, internal paths, and sensitive business context. Sending them to an API without visible warning or controls increases the risk of unintended data disclosure; in this skill context, that danger is elevated because review tooling is routinely pointed at private repositories.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
This function transmits both file path and full file content to an API, which can reveal sensitive source, directory structure, usernames, project names, or internal environment details. For a code review tool, this is materially risky because users are likely to submit confidential files and may not realize the data leaves the local environment.
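The three transmission findings above (source code, git diffs and commit messages, file path plus content) share one remedy at the call site: a gate that runs before anything is posted, requiring explicit consent, scanning for secret-looking material, and stripping the absolute path down to its repository-relative form so home directories and usernames never leave the host. The following Python is an added example, not the skill's code and not the xiaobenyang API; the function names, the secret patterns, the repository root and the payload shape are all assumptions.

```python
"""Pre-transmission gate for a code-review skill: consent, secret scan, path minimization.

Hypothetical helper, not part of the Xby Review Code skill or its remote API.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Patterns for material that should never leave the workstation unreviewed.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|passwd|token)\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}


@dataclass
class GateResult:
    allowed: bool
    reasons: list[str] = field(default_factory=list)
    payload: dict | None = None  # what may be sent; populated only when allowed


def scan_for_secrets(text: str) -> list[str]:
    """Return 'pattern_name:line_no' for every line that matches a secret pattern."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append(f"{name}:{line_no}")
    return hits


def minimize_path(abs_path: str, repo_root: str) -> str:
    """Reduce an absolute path to repo-relative form; raises ValueError if it is outside the root."""
    rel = PurePosixPath(abs_path).relative_to(PurePosixPath(repo_root))
    return rel.as_posix()


def gate_submission(
    abs_path: str,
    content: str,
    repo_root: str,
    consent: bool,
    commit_message: str | None = None,
) -> GateResult:
    """Decide whether a file (plus optional commit message) may be sent to the remote reviewer."""
    reasons: list[str] = []
    if not consent:
        reasons.append("no explicit user consent to send code off-host")

    rel_path = None
    try:
        rel_path = minimize_path(abs_path, repo_root)
    except ValueError:
        reasons.append(f"{abs_path} lies outside the repository root; refusing to transmit")

    reasons.extend(f"secret in file: {h}" for h in scan_for_secrets(content))
    if commit_message:
        reasons.extend(f"secret in commit message: {h}" for h in scan_for_secrets(commit_message))

    if reasons:
        return GateResult(allowed=False, reasons=reasons)

    payload = {"path": rel_path, "content": content}
    if commit_message:
        payload["commit_message"] = commit_message
    return GateResult(allowed=True, payload=payload)


if __name__ == "__main__":
    # Constructed sample input, not real code or credentials.
    root = "/home/alice/proj"
    leaky = "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\napi_key = \"sk_live_constructed_value\"\n"
    print(gate_submission(root + "/src/cfg.py", leaky, root, consent=True))
    print(gate_submission(root + "/src/app.py", "def add(a, b):\n    return a + b\n", root, consent=True))
```

The gate blocks rather than redacts: a redacted diff sent to a reviewer that scores code is of little use, and a block forces the user to decide whether the material should be submitted at all. The pattern list is deliberately short; extend it with your organisation's own token formats before relying on it.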

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal