Cross Model Review

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cross-model plan review skill. The main cautions are that plan content is shared with the selected model providers, that review artifacts are retained on local disk, and that its activation phrases are broad.

Install only if you want automated multi-model review of substantial implementation plans. Do not include secrets, credentials, PII, or confidential architecture details in the plans you submit unless sending that data to the selected model providers and keeping it in the local workspace is acceptable. Be aware that ordinary phrases such as "review this plan" may start a model workflow that writes files under tasks/reviews.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium (91% confidence)
The trigger phrases are broad natural-language expressions like 'review this plan' and 'is this plan solid?', which can plausibly appear in ordinary conversation and unintentionally activate the skill. Because this skill can spawn another model and persist artifacts, accidental invocation can cause unnecessary processing, cost, and unintended disclosure of plan content into review workspaces.

Missing User Warnings

Severity: Medium (94% confidence)
The README documents that plans, responses, changelogs, issues, and summaries are written to a workspace on disk, but it does not clearly warn users that potentially sensitive plan content and review data will be persisted there. When the plans concern auth, payments, or data models, those artifacts may contain security-sensitive architecture details or references to regulated data, which raises the risk of unintended retention, local exposure, or accidental commit to source control.

Vague Triggers

Severity: Medium (89% confidence)
The trigger set includes common phrases like 'challenge this' and 'is this plan solid?', which can match ordinary conversation and cause the skill to activate unexpectedly. Because this skill initiates an autonomous multi-round orchestration with subprocess/model spawning and review-state persistence, accidental activation could lead to unnecessary tool use, cost, and unintended handling of sensitive plans.
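The three findings above reduce to two checks a practitioner can run before installing: are the trigger phrases broad enough to fire on ordinary conversation, and is the review workspace (tasks/reviews) excluded from source control? The following is an added example of such a pre-install check; it is not code from the Cross Model Review skill, from SkillSpector, or from this page. The manifest layout (a `triggers` list and an `artifact_dir`), the `SPECIFIC_TOKENS` and `GENERIC_WORDS` sets, and the four-word threshold are assumptions chosen for illustration; the trigger phrases and the workspace path are the ones quoted in the findings. The .gitignore matcher handles only the common pattern forms, not the full gitignore grammar.

```python
"""Pre-install check for broad triggers and unignored review artifacts.

Added example, not part of the skill or the SkillSpector report. The manifest
shape and the word lists below are assumptions made for illustration.
"""
import fnmatch
import re

# Constructed sample manifest. The phrases and the workspace path are the ones
# quoted in the findings; the dict layout itself is an assumption.
SKILL_MANIFEST = {
    "name": "cross-model-review",
    "triggers": [
        "review this plan",
        "is this plan solid?",
        "challenge this",
        "run cross-model review on this plan",
    ],
    "artifact_dir": "tasks/reviews",
}

# Tokens that tie a phrase to this particular skill rather than to everyday chat
# (assumed list; extend for the skill you are vetting).
SPECIFIC_TOKENS = {"cross-model", "cross model", "multi-model", "skill"}

# Words so common that a phrase built only from them will appear in ordinary
# conversation (assumed list).
GENERIC_WORDS = {
    "this", "is", "the", "a", "plan", "review", "challenge", "solid",
    "check", "look", "at", "it", "ok", "good", "please",
}


def is_broad_trigger(phrase: str, max_words: int = 4) -> bool:
    """A trigger is broad when it names nothing specific to the skill and is
    either short or made entirely of generic words."""
    lowered = phrase.lower()
    if any(tok in lowered for tok in SPECIFIC_TOKENS):
        return False
    words = re.findall(r"[a-z][a-z\-]*", lowered)
    return len(words) <= max_words or all(w in GENERIC_WORDS for w in words)


def broad_triggers(manifest: dict) -> list[str]:
    """All trigger phrases in the manifest that would fire on ordinary text."""
    return [p for p in manifest["triggers"] if is_broad_trigger(p)]


def artifact_dir_ignored(artifact_dir: str, gitignore_text: str) -> bool:
    """True if a non-negated .gitignore line covers artifact_dir or one of its
    parents. Supports 'dir', 'dir/', 'dir/*' and '**/name' forms only."""
    parts = artifact_dir.strip("/").split("/")
    # Every prefix of the path: ignoring a parent ignores the directory too.
    candidates = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    for raw in gitignore_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("!"):
            continue  # blank, comment, or negation: never ignores anything
        pat = line.strip("/")
        if pat.startswith("**/"):
            # Anchorless pattern: compare against each path component's basename.
            pat = pat[3:]
            if any(fnmatch.fnmatch(c.split("/")[-1], pat) for c in candidates):
                return True
        elif any(fnmatch.fnmatch(c, pat) for c in candidates):
            return True
    return False


def precheck(manifest: dict, gitignore_text: str) -> list[str]:
    """Collect the findings a reviewer would want before installing."""
    findings = [f"broad trigger: {p!r}" for p in broad_triggers(manifest)]
    if not artifact_dir_ignored(manifest["artifact_dir"], gitignore_text):
        findings.append(
            f"artifact dir {manifest['artifact_dir']!r} is not excluded by .gitignore"
        )
    return findings


if __name__ == "__main__":
    # Constructed .gitignore that does not cover the review workspace.
    sample_gitignore = "node_modules/\n.env\n"
    for f in precheck(SKILL_MANIFEST, sample_gitignore):
        print("FINDING:", f)
```

Run against a skill's real manifest and the repository's .gitignore, the output lists each trigger likely to fire accidentally and whether the review workspace would be committed. The word-list heuristic is deliberately simple; the point is that a trigger with no skill-specific token, like 'challenge this', gives the orchestration no reason to distinguish a review request from ordinary discussion.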

VirusTotal

64/64 VirusTotal vendors reported this skill as clean (no detections).
