ClawHub

claude-review

Security checks across malware telemetry and agentic risk

Overview

This is a real Claude-based review tool, but it can send selected work files to Claude and persist failure notes locally without per-run confirmation.

Install only if you intentionally want an external Claude-based review step. Keep context paths narrow, avoid reviewing folders with secrets or unrelated private data, and periodically inspect or clear the LESSONS.md file if task details should not persist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script persists review output into a long-lived LESSONS.md file even though the skill is presented as a review gate. That creates an undeclared side effect: task summaries, context filenames, and extracted review issues may be written to disk and retained across runs, which can leak sensitive project details or violate user expectations about a read-only review step.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Automatically modifying LESSONS.md is not necessary to perform the stated review function, so it expands the script's authority beyond a simple quality check. In security-sensitive environments, unexpected writes are risky because they can leave behind sensitive artifacts and can be abused to alter future agent behavior if LESSONS.md is later consumed as guidance.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are broad and map to common conversational requests like 'review your work' or 'check your output', which can cause the skill to activate unexpectedly during ordinary interaction. In this skill, unintended activation is more sensitive because it may launch an external review process and transmit generated work or related files to a separate Claude instance without a distinct confirmation step.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explains the mechanics of using a separate Claude instance, but it does not present a clear user-facing warning at invocation time that files, folders, reference material, and LESSONS.md may be sent to an external service. This creates a meaningful data-exposure risk because users may trigger review on sensitive outputs without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script writes review details to LESSONS.md without warning the user at the time of the write. Because the logged data includes task summaries, context paths, and extracted issues, this can silently persist potentially sensitive information and surprise users who believed the tool only performed analysis.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal