Astrai Code Review

Security checks across malware telemetry and agentic risk

Overview

This code-review skill is mostly coherent, but it can automatically send your AI provider API keys and reviewed code to Astrai for routing.

Install only if you are comfortable sending reviewed code and any configured provider API keys to Astrai. Prefer using only ASTRAI_API_KEY for hosted routing, or provide restricted, low-quota provider keys dedicated to this service; unset unrelated AI provider keys before running reviews on private repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

MCP Least Privilege

Medium
Confidence
89% confidence
Finding
The skill declares access to environment variables and an external network endpoint, but does not declare explicit permissions for those capabilities. That creates a transparency and consent gap: the skill can read sensitive API keys and transmit code diffs and possibly provider credentials to a remote service without a clear permission model surfaced to the user.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill is presented as a code review plugin, but it also acts as a broker that forwards users' provider API keys to Astrai for routing. That behavior materially changes the trust boundary and can mislead operators into exposing unrelated credentials to a third party, creating a secret-exfiltration and supply-chain risk.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The plugin enumerates a broad set of provider API keys from environment variables, including keys unrelated to the immediate review task, and prepares them for outbound transmission. This creates excessive secret collection and violates least privilege: compromise or misuse of the remote service could expose credentials that grant access to multiple AI providers and associated billing/accounts.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code serializes provider API keys into the X-Astrai-Provider-Keys HTTP header and sends them to a remote service. Sending raw long-lived credentials to a third party is highly dangerous because headers may be logged by proxies, observability systems, error handlers, or the receiving service, leading to credential theft and downstream account compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The plugin sends provider API keys off-box without any explicit user-facing warning or consent mechanism in code. In a skill context, silent secret transfer is especially dangerous because users may assume environment variables remain local, increasing the chance of uninformed credential exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The full diff, file content, and optional context are transmitted to Astrai, but there is no explicit disclosure or consent flow warning that user code may leave the local environment. This can leak proprietary source, security-sensitive patches, embedded secrets, or regulated data to an external processor, which is particularly risky for enterprise and private repositories.

VirusTotal

64/64 vendors flagged this skill as clean.