Code QC

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate code quality audit skill, but it can run project code and optionally modify files when fix mode is explicitly used.

Install this only if you want an agent to run real QC commands against your code. Use a clean git branch or isolated environment for unfamiliar repositories, inspect package/test scripts before a full audit, and use --fix only when you are ready to review automatic diffs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a QC and reporting tool, but `--fix` mode performs code modification and formatting on the target repository. That is dangerous because users invoking a review-style skill may not expect mutation of source code, which can alter project state, introduce regressions, or overwrite in-progress work.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The QC profile includes `ruff check --fix` and `ruff format`, which modify repository files during what is described as an audit/review workflow. In an agent setting, silently changing code can corrupt the target project, mask defects, or create unauthorized edits without explicit user consent, making this an unsafe side effect for a read-oriented quality-control skill.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The profile is for a QC/audit skill, but it includes `npx eslint . --fix`, which changes source files rather than only inspecting and reporting. In an automated agent context, this can cause unintended repository modifications, mask problems by silently rewriting code, and violate user expectations for a read-only audit workflow.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance is broad enough to activate the skill for generic requests like 'review' or 'check code quality,' which may cause the agent to run an extensive workflow with file reads, test execution, generated smoke tests, and optional writes when the user only wanted a lightweight analysis. Over-broad triggering increases the chance of unintended repository interaction and execution of higher-risk phases.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description does not prominently warn that `--fix` can automatically modify code and that normal operation writes baseline and report files into the repository. Omitting these side effects undermines informed consent and can lead users to trigger state-changing actions they did not intend.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The profile directs the agent to auto-activate local virtual environments and run Poetry commands such as `poetry shell` or `poetry run pytest` without warning or confirmation. In practice, environment activation and package-manager execution can trigger project-controlled hooks, arbitrary local binaries, or untrusted dependency code, causing command execution in a repository supplied by an attacker.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documented fix-mode command modifies project files without any warning, confirmation step, or constraint limiting when it may be used. Because the skill is described as producing a standardized QC report, this mismatch makes the behavior more dangerous: an agent could mutate code during analysis, potentially introducing changes, breaking builds, or creating hard-to-review diffs.

VirusTotal

64/64 vendors flagged this skill as clean.