Back to skill

Security audit

Astronclaw Code Review

Security checks across malware telemetry and agentic risk

Overview

This code-review skill is not clearly malicious, but it needs Review because it can read arbitrary local file paths and its AI-provider behavior is overstated and underexplained.

Review before installing. Use it only on intended project files and avoid pointing it at home directories, secret files, or regulated/proprietary code until the publisher adds workspace path restrictions. Treat the AI recommendations as local/mock heuristics unless the publisher implements and clearly documents a real provider integration, including exactly what code is sent off-device and how to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file-level description claims integration with the iFlyTek Spark API, but the implementation only returns mocked or heuristic recommendations. This is dangerous because downstream users or security workflows may rely on the tool as if it performs real AI-backed analysis, creating a false sense of assurance and potentially causing important issues to be missed.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The function is labeled as calling the iFlyTek Spark API, but its body is explicitly simulated and never contacts the external service. In a security or code-review context, this mismatch can mislead operators into trusting generated recommendations as external AI output, weakening review rigor and masking the absence of real analysis.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The exported capability description advertises real-time AI analysis and iFlyTek Spark integration, but the code only provides local mock/fallback recommendations. This misrepresentation increases risk in the skill context because users may enable or deploy the component expecting substantive security analysis coverage when none is actually occurring.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises AI-powered review and names an external provider/API, but it does not clearly disclose that submitted source code may be transmitted to a third-party service for analysis. In a code-review skill, that omission is security-relevant because users may submit proprietary source code, secrets, or customer data without understanding the data-exposure boundary.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly integrates a third-party AI service and mentions external network access, but it does not clearly disclose that user-submitted source code may be sent off-platform for analysis. This creates a real privacy and confidentiality risk because users may submit proprietary code, secrets, or regulated data without informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The tool sends full source code and issue data to `generateAIRecommendations` whenever `config.aiEnabled !== false`, but there is no explicit consent flow, privacy notice, redaction step, or indication of whether the AI backend is local or external. In a code-review context, source files often contain proprietary logic, credentials, secrets, or regulated data, so silent transmission can cause confidentiality and compliance breaches.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution, suspicious.exposed_secret_literal

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
src/tools/analyzers/security-analyzer.js:110

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
test/basic.test.js:34

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:196

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
test/basic.test.js:12