Frontend Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a normal frontend code review skill with no executable code or hidden high-impact behavior, though its routing language is somewhat broad.

This skill is reasonable to install for frontend code review workflows. Be aware that its trigger wording is broad, so users should invoke it when they specifically want frontend or UI code review, and use specialized skills for deep security, accessibility, E2E, or performance investigations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest description is very broad and includes generic triggers like 'code review', 'PR review', and 'review', which can cause this skill to activate for many common requests outside its intended scope. Over-broad routing increases the chance of misdelegation, causing users to receive an inappropriate review workflow or miss specialized handling such as security-focused analysis.

Vague Triggers

Medium
Confidence: 82%
Finding
The description includes the generic trigger term "review," which is broad enough to match many ordinary user requests and can cause the skill to activate outside its intended frontend code-review scope. Over-broad invocation increases the chance of misrouting user tasks, suppressing more appropriate specialized skills, and expanding the skill's effective authority beyond what users likely intended.

Vague Triggers

Medium
Confidence: 94%
Finding
The description contains broad invocation triggers such as 'general frontend code review' and especially the generic trigger 'review', which can cause this skill to be selected for requests outside its intended scope. Overly broad routing increases the chance that users seeking specialized security, accessibility, performance, or other reviews are handled by a generalist skill, leading to missed risks or incorrect delegation.

VirusTotal

64/64 vendors flagged this skill as clean.
