Propel Code Review Smoke

Security checks across malware telemetry and agentic risk

Overview

The skill is a real Propel code-review integration, but it gives the agent enough authority to persist an API token, upload diffs, edit code, and post feedback without clear per-run confirmation.

Install only if you trust Propel with the repository diffs you submit. Prefer setting PROPEL_API_KEY only for the current session or in a proper secret manager, and require the agent to show proposed code changes and feedback payloads before applying or sending them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The workflow instructs the agent to append `PROPEL_API_KEY` to `~/.zshrc` or `~/.bashrc`, turning a task-scoped credential into a persistent secret on the user's machine. Persisting API tokens in shell startup files increases exposure to later leakage through unrelated shell sessions, local compromise, backups, dotfile sync, or accidental disclosure.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill description says it retrieves review findings and sends feedback, but the workflow also instructs the agent to automatically modify the local codebase based on external review comments. That expands the trust boundary from analysis/reporting into autonomous code changes, which can surprise users and allow unreviewed third-party output to alter source code.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill directs the agent to incorporate code changes and submit feedback immediately without user confirmation or a clear warning that user data and repository contents will be modified. Automatic writes based on remote service output can introduce incorrect or unsafe changes, and automatic feedback posting can leak internal decision-making or create external side effects without operator awareness.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script reads the full diff from a local file and sends it to a remote Propel API for review, but it does not provide an explicit warning, confirmation step, or content redaction before transmission. In code-review workflows, diffs can contain secrets, internal code, or sensitive metadata, so silent exfiltration to a third-party service creates a real confidentiality risk even if this is the tool's intended function.

VirusTotal

66/66 vendors flagged this skill as clean.
