ClawHub

Nm Pensive Bug Review

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only bug-review workflow that is coherent with its purpose and does not include hidden execution, credential access, persistence, or exfiltration behavior.

Install this when you want an explicit bug-review workflow. Review any proposed patch, test, lint, or build command before it runs, especially on untrusted code. Treat the stated expertise persona as framing, not a professional credential, and evaluate the referenced external Night Market/Claude Code plugin separately before installing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list contains broad, common terms like "bugs," "defects," and "fixes," which can cause the skill to activate in contexts where the user did not intend to invoke this workflow. Unintended invocation can steer an agent into running a complex review process, loading extra modules, or suggesting commands in unrelated conversations, increasing the chance of unsafe or disruptive behavior.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to present itself using a fixed expertise persona to establish credibility, which can misrepresent the model's actual qualifications and create undue user trust. In a security or code-review workflow, this framing may cause users to overweight the agent's recommendations or assume professional guarantees that do not exist.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal