Plan Eng Review

Security checks across malware telemetry and agentic risk

Overview

This skill is an engineering plan-review helper that reads relevant repository context and may save a bounded test-plan file, with no evidence of hidden or destructive behavior.

Install this if you want an opinionated engineering plan review that can inspect local repo context. Expect read-only Git/GitHub metadata checks, reading relevant project docs, and creation of a test-plan markdown file; ask the agent not to write files if you want an in-chat-only review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill extends beyond conversational plan review by instructing the agent to run `gh` commands to inspect PR and repository state. That broadens the skill's effective capabilities into repository reconnaissance: `gh` runs with whatever GitHub credentials are ambient in the agent's environment, so it can expose metadata and act on those credentials without that scope being declared in the manifest.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill instructs the agent to search for and read local design documents, and elsewhere to read `TODOS.md`, which expands its access from plan review into local repository file inspection. In a tool-enabled environment this can disclose sensitive project information and violates the least-privilege expectation for a review-only skill.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill describes itself as a pre-code-change review, but it also directs the agent to create and write a test-plan artifact on disk. That is a scope escalation from analysis to filesystem modification: it can surprise users, alter repository state, and leave a persistent file behind without explicit authorization.

Vague Triggers

Medium
Confidence: 84%
Finding
The proactive trigger condition is broad enough to activate the skill during ordinary planning conversations, which increases the chance of unnecessary tool use, repository inspection, or workflow steering without clear user intent. Because this skill performs file reads and writes, over-broad invocation materially increases exposure and makes accidental misuse more likely.
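All four findings above come down to one comparison: what the skill's manifest declares against what its instruction text actually makes the agent do (run `gh`, read repository files, write a file, fire on vague triggers). The following Python check performs that comparison over a constructed SKILL.md-style input. It is an added example, not SkillSpector's code or the reviewed skill's file; the front-matter field names (`declared_capabilities`, `triggers`), the capability labels, and the generic-cue trigger heuristic are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed SKILL.md-style input modelled on the findings above. It is not the
# reviewed skill's real file; the front-matter field names are assumptions.
SAMPLE_SKILL = """\
---
name: plan-eng-review
description: Review an engineering plan before any code is changed.
declared_capabilities: [read_chat]
triggers: ["when the user discusses a plan", "/plan-review"]
---
1. Run `gh pr view --json title,body` and `gh repo view` to understand PR state.
2. Search the repo for design docs and read docs/DESIGN.md and TODOS.md.
3. Write the resulting test plan to TEST_PLAN.md in the repository root.
"""

SHELL_TOOLS = {"gh", "git", "curl", "wget", "ssh"}   # CLIs that act with ambient credentials
NETWORK_TOOLS = {"curl", "wget", "ssh"}
FILE_REF = r"[\w./-]+\.(?:md|txt|json|ya?ml)"
WRITE_VERBS = r"\b(?:write|save|create|append|overwrite)\b"
READ_VERBS = r"\b(?:read|open|inspect|search)\b"
GENERIC_CUES = {"discusses", "mentions", "talks", "whenever", "any"}  # assumed heuristic


@dataclass
class Finding:
    category: str
    evidence: str


def parse_front_matter(text):
    """Split a ---/--- header into a dict (no YAML dependency; [a, b] becomes a list)."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        key, _, val = line.partition(":")
        val = val.strip()
        if val.startswith("[") and val.endswith("]"):
            val = [v.strip().strip("\"'") for v in val[1:-1].split(",") if v.strip()]
        meta[key.strip()] = val
    return meta, m.group(2)


def infer_capabilities(body):
    """Derive the capabilities the instruction text actually exercises."""
    caps = set()
    for cmd in re.findall(r"`([^`]+)`", body):        # backticked shell invocations
        tool = cmd.split()[0]
        if tool in SHELL_TOOLS:
            caps.add(f"shell:{tool}")
        if tool in NETWORK_TOOLS:
            caps.add("network")
    for line in body.splitlines():                     # verbs applied to file paths
        if not re.search(FILE_REF, line):
            continue
        if re.search(WRITE_VERBS, line, re.I):
            caps.add("fs:write")
        if re.search(READ_VERBS, line, re.I):
            caps.add("fs:read")
    return caps


def vague_triggers(triggers):
    """Flag triggers that fire on generic conversation rather than an explicit command."""
    return [t for t in triggers
            if not t.startswith("/") and set(re.findall(r"[a-z]+", t.lower())) & GENERIC_CUES]


def review(text):
    """Compare declared scope with inferred behaviour and emit SkillSpector-style findings."""
    meta, body = parse_front_matter(text)
    declared = set(meta.get("declared_capabilities", []))
    findings = []
    for cap in sorted(infer_capabilities(body) - declared):
        if cap == "fs:write":
            findings.append(Finding("Description-Behavior Mismatch",
                                    f"instructions write to disk; manifest declares only {sorted(declared)}"))
        else:
            findings.append(Finding("Context-Inappropriate Capability",
                                    f"undeclared capability {cap}"))
    for t in vague_triggers(meta.get("triggers", [])):
        findings.append(Finding("Vague Triggers", f"trigger {t!r} can fire on ordinary planning talk"))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_SKILL):
        print(f"{f.category}: {f.evidence}")
```

Run against the constructed input, the check reproduces the shape of the report above: two undeclared capabilities (`fs:read`, `shell:gh`), one declared-versus-actual mismatch for the file write, and one vague trigger, while the explicit `/plan-review` trigger passes. The value of a check like this is the diff between declared and inferred scope; any capability that appears only on the inferred side is the one a user has not consented to.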

VirusTotal

66/66 vendors flagged this skill as clean.
