ClawHub

Review Ai Writing

Security checks across malware telemetry and agentic risk

Overview

This skill reviews developer writing for AI-like patterns and its file, git, GitHub PR, and local report behaviors are disclosed and fit that purpose.

Install this if you want automated review of developer-facing text for AI-like wording. Be aware it can read repository text files, commit messages, and GitHub PR descriptions, and it writes a local .beagle report file; run it only in repositories where that level of review is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill invokes `gh pr view --json body`, which can access external GitHub metadata and may trigger network-backed repository inspection not obvious from a text-review skill. In constrained or privacy-sensitive environments, this can expose PR content or fail unpredictably due to auth/context, expanding the skill's access beyond local text artifacts.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger language is extremely broad (`any text artifact`, `authenticity and clarity`, `writing quality`), which increases the chance the skill is auto-selected for ordinary review requests outside the user's intent. Because the skill also reads git history and can write reports, overbroad invocation increases the likelihood of unintended repository access and side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill creates `.beagle` and writes `.beagle/ai-writing-review.json` without a user-facing warning or explicit consent. Silent workspace modification is dangerous because users may expect analysis-only behavior, and automated flows could commit or act on these generated artifacts unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal