PR Review Loop

Security checks across malware telemetry and agentic risk

Overview

This skill matches its PR automation purpose, but it can automatically push, merge, delete branches, and force-merge PRs even when review quality has not passed.

Install only for repositories where the agent is intentionally allowed to push commits, post PR comments, merge PRs, and delete branches. Require human approval or repository protections before merge and branch deletion, and disable the force-merge paths for low, failed, or stagnant review scores.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill explicitly allows unconditional merge after max rounds or repeated stagnant low scores, bypassing the earlier quality threshold of 4/5. In a PR automation context, this can cause unreviewed, insecure, or broken code to be merged simply because the loop stalled, turning a quality-control safeguard into a time-based override.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The contradictory instructions create ambiguity at a critical decision point: one section says to merge anyway, while another says to notify/escalate. In autonomous systems, ambiguity often resolves to whichever branch is easier to implement, increasing the risk of unsafe merges or inconsistent handling of risky PRs.

Missing User Warnings

High
Confidence: 95%
Finding
The skill is designed to perform repeated pushes, retrigger external review, merge PRs, and delete branches, yet it does not prominently warn users about these destructive side effects. In an autonomous agent setting, missing warnings materially increase the chance that users invoke the skill without understanding that it can modify repository history and finalize changes automatically.

Missing User Warnings

High
Confidence: 97%
Finding
The auto-merge command includes branch deletion and is presented as a routine step without any user-facing warning, confirmation gate, or limitation. In repository automation, this can irreversibly merge flawed code and remove the working branch, making recovery and audit harder, especially if the skill is triggered broadly or by mistake.

VirusTotal

60/60 vendors flagged this skill as clean.
