code-review-for-gitcode

Security checks across malware telemetry and agentic risk

Overview

This GitCode review skill mostly matches its stated purpose, but its posting script can publish PR comments immediately once run and its token handling needs caution.

Review before installing. Use a least-privilege, short-lived GitCode token, prefer an environment variable over command-line or URL tokens, inspect generated comments before any posting step, and do not assume post_review.py will ask for confirmation because it posts immediately after its preview. Run it from a dedicated workspace and verify the temp directory before cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The Python example contradicts the documented API by placing the access token in the JSON body while the specification says it must be sent as a query parameter. This inconsistency can cause authentication failures and may lead users to copy insecure or nonfunctional patterns into production integrations, especially when handling credentials.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation shows an access token being transmitted directly in the URL query string without a prominent warning about credential exposure. Query parameters are commonly logged by shells, proxies, analytics systems, browser history, and server logs, increasing the risk of token leakage.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script prints a patch preview to stderr, which may expose sensitive code, secrets introduced in the PR, or proprietary content into logs or parent-process captures. In CI, agent, or hosted execution environments, stderr is often persisted and visible beyond the intended reviewer, increasing unintended data disclosure risk.

Tool Parameter Abuse

High
Category: Tool Misuse
Content (excerpt from the skill's documentation, translated from Chinese)
```
# Delete the temp directory and all of its contents
Remove-Item -Recurse -Force temp/
# or
rm -rf temp/
```

**When to clean up**:
Confidence: 87%
Finding
rm -rf temp/

VirusTotal

67/67 vendors flagged this skill as clean.
