code-review-fix

Security checks across malware telemetry and agentic risk

Overview

This code-review skill appears to include under-disclosed billing, tracking, external code transmission, and automatic file modification behaviors that users should review before installing.

Install only after reviewing the billing and tracking behavior, rotating or removing any embedded billing key, and confirming that file-fix operations show diffs or require approval. Do not submit proprietary code or secrets unless you accept the third-party LLM data flow and its retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding: A live-looking billing API key is hardcoded directly in source code, which makes secret exposure highly likely through source control, logs, builds, or downstream distribution. If the key is valid, an attacker could invoke billing APIs, inspect balances, create payment links, or perform unauthorized charges depending on server-side permissions.

Intent-Code Divergence

Severity: High
Confidence: 95%
Finding: The help text markets the skill purely as a code review/fix utility, but the implementation also performs billing, balance checks, payment-link generation, and persistent user tracking. This mismatch is dangerous because users may invoke the tool without informed consent to monetization or tracking behavior, especially in an agent/skill context where users rely on the declared purpose to assess trust.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README provides an example that sends source code to an external LLM service without any warning about confidentiality, data handling, or consent. In a code-review skill, users may submit proprietary code, secrets, or regulated data, so normalizing outbound transmission materially increases privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The skill explicitly promises to 'directly fix code' and advertises an automatic fix mode, but the description provides no warning that user files may be modified and no mention of confirmation, preview, backup, or rollback. In an agent context, this can lead to unintended file changes, destructive edits, or unsafe automated patches being applied without informed user consent.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: When --fix is used, the skill overwrites the target file in place without confirmation, backup, or dry-run output. This can destroy user code, apply unsafe or incorrect model-generated edits, and make recovery difficult if the analyzer or fix logic behaves unexpectedly.
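The finding above lists what a safe fix mode is missing: a preview, a confirmation step, and a backup. The block below is an added example, not code from the skill or from SkillSpector, of a fix routine that supplies all three: it computes a line-level diff, supports a dry run that touches nothing, refuses to write unless the caller provides an approval hook that returns true, and writes a `.bak` copy before overwriting. `applyFixSafely`, `lineDiff`, the `FixOptions` shape and the demo file contents are assumptions for illustration.

```typescript
// Added example (not the skill's own code): apply a model-generated fix only
// after showing a diff, getting explicit approval, and writing a backup.
import { readFileSync, writeFileSync, existsSync, mkdtempSync } from 'node:fs';
import { tmpdir } from 'node:os';
import { join } from 'node:path';

// Line-level diff via a longest-common-subsequence table. Output lines are
// prefixed ' ' (unchanged), '-' (removed) or '+' (added); deletions are
// emitted before insertions at the same position, as in a unified diff.
export function lineDiff(before: string, after: string): string[] {
  const a = before.split('\n');
  const b = after.split('\n');
  const n = a.length, m = b.length;
  // lcs[i][j] = length of the LCS of a[i..] and b[j..]
  const lcs: number[][] = [];
  for (let i = 0; i <= n; i++) lcs.push(new Array(m + 1).fill(0));
  for (let i = n - 1; i >= 0; i--)
    for (let j = m - 1; j >= 0; j--)
      lcs[i][j] = a[i] === b[j] ? lcs[i + 1][j + 1] + 1 : Math.max(lcs[i + 1][j], lcs[i][j + 1]);
  const out: string[] = [];
  let i = 0, j = 0;
  while (i < n || j < m) {
    if (i < n && j < m && a[i] === b[j]) { out.push(' ' + a[i]); i++; j++; }
    else if (i < n && (j >= m || lcs[i + 1][j] >= lcs[i][j + 1])) { out.push('-' + a[i]); i++; }
    else { out.push('+' + b[j]); j++; }
  }
  return out;
}

export type FixResult = 'unchanged' | 'dry-run' | 'rejected' | 'applied';

export interface FixOptions {
  dryRun?: boolean;                       // show the diff, modify nothing
  approve?: (diff: string[]) => boolean;  // caller's confirmation hook
}

// Default-deny: with no approval hook the file is never overwritten.
export function applyFixSafely(path: string, fixed: string, opts: FixOptions = {}): FixResult {
  const original = readFileSync(path, 'utf8');
  if (original === fixed) return 'unchanged';
  const diff = lineDiff(original, fixed);
  if (opts.dryRun) { console.log(diff.join('\n')); return 'dry-run'; }
  const approve = opts.approve ?? (() => false);
  if (!approve(diff)) return 'rejected';
  writeFileSync(path + '.bak', original);  // backup first so the edit can be rolled back
  writeFileSync(path, fixed);
  return 'applied';
}

// Self-contained demo on a constructed file in a temp directory.
export function demo() {
  const dir = mkdtempSync(join(tmpdir(), 'fix-demo-'));
  const file = join(dir, 'app.ts');
  writeFileSync(file, 'const key = "hardcoded";\nconsole.log(key);\n');  // constructed input
  const fixed = 'const key = process.env.BILLING_KEY;\nconsole.log(key);\n';
  const r1 = applyFixSafely(file, fixed, { dryRun: true });       // prints diff only
  const r2 = applyFixSafely(file, fixed);                         // no approver -> rejected
  const r3 = applyFixSafely(file, fixed, { approve: () => true }); // approved -> written
  return { r1, r2, r3, backupExists: existsSync(file + '.bak'), content: readFileSync(file, 'utf8') };
}

console.log(demo());
```

In an agent setting the `approve` hook is where the human (or a policy engine) sits; the important property is that its absence means no write, rather than a silent overwrite.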

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:

You can hook the Claude API or another LLM into the `analyzeCode` function:

```typescript
const response = await fetch('https://api.anthropic.com/v1/messages', {
  method: 'POST',
  headers: {
    'x-api-key': process.env.ANTHROPIC_API_KEY,
    // the rest of the request (remaining headers, body) is cut off in the scanner excerpt
  },
});
```

Confidence: 94%
Finding: fetch('https://api.anthropic.com/v1/messages', { method: 'POST'

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:

You can hook the Claude API or another LLM into the `analyzeCode` function:

```typescript
const response = await fetch('https://api.anthropic.com/v1/messages', {
  method: 'POST',
  headers: {
    'x-api-key': process.env.ANTHROPIC_API_KEY,
    // the rest of the request (remaining headers, body) is cut off in the scanner excerpt
  },
});
```

Confidence: 94%
Finding: https://api.anthropic.com/
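Three findings on this page concern secrets and code leaving the machine: the hardcoded billing key, the README example that posts source to an external LLM without warning, and the two External Transmission matches above. The block below is an added example, not code from the skill or from SkillSpector, of a gate to run before any outbound call: it scans source for quoted literals assigned to credential-looking identifiers, keeps only values above a Shannon-entropy threshold (to drop placeholders like "xxxx..."), redacts the hits, and refuses to transmit when redaction is not permitted. The identifier regex, the 3.0-bit threshold, the function names and the sample source are assumptions; the sample key is constructed and not a real credential.

```typescript
// Added example (not the skill's own code): find and redact hardcoded secrets
// before source is sent to a third-party LLM. Patterns are illustrative.
export interface SecretHit { line: number; name: string; value: string; entropy: number }

// Shannon entropy in bits per character; random-looking keys score high,
// placeholder strings ("aaaa...", "changeme") score low.
export function shannonEntropy(s: string): number {
  const counts: Record<string, number> = {};
  for (const ch of s) counts[ch] = (counts[ch] ?? 0) + 1;
  let h = 0;
  for (const ch of Object.keys(counts)) {
    const p = counts[ch] / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Quoted literal of 16+ non-space chars assigned to an identifier containing
// key/secret/token/password, e.g. `const billingKey = "..."` or `API_KEY: '...'`.
// (assumed pattern; tune the name list and length for the code base at hand)
const ASSIGN_SRC = "\\b([A-Za-z_][A-Za-z0-9_]*(?:key|secret|token|password)[A-Za-z0-9_]*)\\s*[:=]\\s*['\"`]([^'\"`\\s]{16,})['\"`]";

export function findHardcodedSecrets(source: string, minEntropy = 3.0): SecretHit[] {
  const hits: SecretHit[] = [];
  source.split('\n').forEach((text, idx) => {
    const re = new RegExp(ASSIGN_SRC, 'gi');  // fresh regex per line: no lastIndex leakage
    let m: RegExpExecArray | null;
    while ((m = re.exec(text)) !== null) {
      const value = m[2];
      const entropy = shannonEntropy(value);
      if (entropy >= minEntropy) hits.push({ line: idx + 1, name: m[1], value, entropy });
    }
  });
  return hits;
}

export function redactSecrets(source: string): { redacted: string; hits: SecretHit[] } {
  const hits = findHardcodedSecrets(source);
  let redacted = source;
  for (const h of hits) redacted = redacted.split(h.value).join('<REDACTED>');
  return { redacted, hits };
}

// Gate in front of the outbound LLM call. With allowRedacted=false the call is
// refused outright when any hardcoded secret is present.
export function prepareForExternalReview(source: string, allowRedacted = true): string {
  const { redacted, hits } = redactSecrets(source);
  if (hits.length > 0 && !allowRedacted) {
    throw new Error(`refusing to transmit: ${hits.length} hardcoded secret(s) found`);
  }
  return redacted;
}

// Constructed sample source (the key is a made-up string, not a real credential).
export const SAMPLE = [
  'const billingKey = "AbCd1234EfGh5678IjKl9012MnOp";',
  'const apiToken = process.env.API_TOKEN;',       // env lookup, not a literal
  'const password = "aaaaaaaaaaaaaaaaaaaa";',      // low-entropy placeholder
  'export function charge(amount: number) { return amount * 100; }',
].join('\n');

console.log(prepareForExternalReview(SAMPLE));
```

The entropy filter is a heuristic, not a guarantee: a short real key or a structured one with a low-entropy prefix can slip through, which is why the default-deny path (`allowRedacted = false`) is the safer setting when the review target may contain production credentials.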

VirusTotal

0/63 vendors flagged this skill; all 63 reported it clean. Antivirus engines look for known-malicious files, not for hardcoded secrets, undisclosed billing calls or a mismatch between a tool's stated and actual behavior, so a clean result here does not address the findings above.

View on VirusTotal