ClawHub

AI Code Reviewer

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only code review helper; its risky parts are disclosed and fit the purpose, but users should review generated fixes and scope any tokens carefully.

Safe to install as an instruction-only helper. Before using it on private repositories, confirm where code is sent, redact secrets, use a narrowly scoped GitHub token only if PR automation is needed, and review all generated patches or PRs before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The invocation examples use very generic phrases such as '审查这段代码' and '完整审查', which are likely to overlap with normal user conversation. In an agent platform, broad triggers can cause accidental activation or execution of review-related behaviors when the user did not intend to invoke this skill, especially if code, files, or repository context are implicitly available.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README advertises '审查并自动修复' and optional GitHub token support for automatic PR behavior without prominent safety warnings, approval flow, or constraints on what can be modified. In a code-review skill, this increases the risk of unintended code changes, unsafe patches, or repository actions being performed with user credentials or integrated automation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases and usage examples are extremely generic (for example, '代码审查', 'code review', '审查这段代码', and '完整审查'), which overlap with normal user requests unrelated to explicit skill invocation. This can cause the skill to activate unexpectedly, expanding its authority and potentially invoking dependent capabilities like coding-agent or github in situations where the user did not clearly intend that behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal