ClawHub

Pr Review

Security checks across malware telemetry and agentic risk

Overview

This is a simple PR review checklist skill with broad review triggers but no code execution, data access, persistence, or hidden behavior.

Safe to install if you want a generic PR/code review checklist. Be aware it may activate on broad phrases like “code review,” “review changes,” or “review diff,” so use explicit wording when you want a different built-in or specialized review workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill is described and triggered in very broad terms for any code review task, which can cause it to activate for generic review requests rather than narrowly scoped PR-review scenarios. Overly broad invocation increases the chance of unintended routing, where users may invoke this skill instead of a more specific or safer built-in review flow, leading to confused-deputy behavior and expanded attack surface.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger 'review PR' is close enough to a built-in 'review' command that it may shadow or compete with native routing behavior. This can cause ambiguous dispatch, where a user intending to use a trusted built-in review capability is instead routed into this skill, potentially bypassing expected safeguards or producing inconsistent behavior.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger 'review changes' is generic and overlaps semantically with a built-in 'review' command, creating a realistic risk of command shadowing. In practice this can divert broad review requests into the skill unexpectedly, causing unintended execution and making it harder for users to predict which review path will run.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger 'review diff' also overlaps strongly with the built-in review command domain and is likely to match common user phrasing. Such overlap increases the likelihood of accidental invocation, ambiguous intent resolution, and reliance on skill behavior where users may have expected a default trusted review path.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal