Code Reviewer

Security checks across malware telemetry and agentic risk

Overview

This is a review-only code-review skill. Some of its wording should be treated carefully (see the findings below), but no hidden execution, persistence, or malicious behavior was found.

Install this if you want a direct, adversarial code-review assistant. Treat it as review-only unless you explicitly ask your agent to make code changes, and use --dual only when the code or diff can be shared with the configured second model. Confirm manually before posting any review feedback to a pull request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The skill says it only reads code and does not modify source files, but the `--dual` workflow later instructs the agent to 'include/fix' accepted findings and rerun review after fixes. That contradiction can expand the agent's effective authority from analysis into modification, creating scope creep and increasing the chance of unintended write actions if an orchestrator maps 'fix' language to editing tools.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The skill instructs the agent to offer submitting review feedback directly as a PR comment, which is a repository write action outside a strictly read-only review scope. In agent environments with GitHub or VCS integrations, this can cause unintended external side effects, especially if the skill is auto-invoked from broad review-related prompts.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The invocation phrases are very broad and match many ordinary review requests, increasing the likelihood that the skill is triggered unintentionally. Over-broad activation is dangerous in agent systems because it can cause expensive multi-model workflows, side-effecting review behaviors, or inappropriate use of tools in contexts where the user did not intend this specific skill.

VirusTotal

65/65 vendors flagged this skill as clean.
