Consolidate

Security checks across malware telemetry and agentic risk

Overview

This skill performs a powerful but disclosed PR-review workflow that posts GitHub review summaries and tracks deferred findings, so it should be used deliberately.

Install only if you want a skill that can act on GitHub PRs, post or update review comments, submit formal reviews, create issues for deferred findings, and edit local checklist/fix_plan files. Invoke it with explicit PR-review intent, especially in public or shared repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill instructs the agent to read local account-mapping rules and invoke GitHub authentication and user APIs to resolve repository identity before composing options. For a workflow whose stated purpose is consolidating PR review feedback, this expands access into local configuration and auth-token-backed identity checks, increasing the blast radius and creating an unnecessary secret- and environment-dependent capability. In adversarial or compromised skill content, the same pattern could be repurposed to probe local state, enumerate logged-in accounts, or misuse repo-scoped credentials.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill's declared purpose is posting/consolidating PR review feedback, but this section expands scope into creating new GitHub issues and mutating local tracking files. That creates side effects outside the immediate PR-review medium and can be abused to persist attacker-influenced content into project planning artifacts or spawn issue noise without explicit user confirmation in all cases.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Environment-dependent mutation of workspace files broadens the skill from summarization into local state modification, which is unrelated to merely consolidating review feedback. Because the target file is chosen by workspace detection, the agent may write to repository tracking files based on ambient context rather than explicit user intent, enabling unauthorized persistence of untrusted review content.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill advertises many generic trigger phrases such as "PR review," "review check," and "merge ready," which are common in normal developer conversation. This increases the chance the skill is invoked unintentionally in contexts the user did not explicitly mean, causing review automation, repository actions, or external feedback handling to run without clear intent. The broad trigger set is more concerning here because the skill can use powerful tools like Bash, Edit, and Write and is designed to act on PR workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
