Code Review

Security checks across malware telemetry and agentic risk

Overview

This PR review skill is coherent, but it can publish GitHub PR comments through the user’s logged-in GitHub CLI account without a separate confirmation step.

Install only if you want an automated PR reviewer that can post comments using your active GitHub CLI login. Before running it, confirm the repository, PR number, and GitHub account, and ask the agent to draft the comment for approval before posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger description includes broad phrases like 'code review' and 'check this PR', which can match ordinary user requests and cause this skill to activate in contexts where the user did not intend a GitHub PR review workflow. Because the skill has side-effecting GitHub comment capabilities, over-broad activation increases the chance of unnecessary repository access and unintended actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to post a GitHub PR comment automatically via `gh pr comment` without requiring explicit user confirmation immediately before taking that external side effect. In a code-review skill, this is especially risky because the workflow is designed to analyze and then publish results, so a mis-trigger or incorrect repository/PR context could lead to unintended public or team-visible comments.

VirusTotal

66/66 vendors flagged this skill as clean.
