Reflect Critique Revise

Security checks across malware telemetry and agentic risk

Overview

This is a coherent code-review helper that uses an LLM to critique and revise supplied code, with no evidence of hidden persistence, credential access, or destructive behavior.

Install if you are comfortable with automatic code-review triggers and with the reviewed code being sent to the configured LLM endpoint. Use a trusted local or approved endpoint, avoid drafts containing secrets, and narrow activation rules if you do not want it invoked by generic review wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 93% confidence
The trigger list includes very common phrases like "review," "double check," and a broad post-condition of "after any code generation producing > 30 lines," which can cause the skill to activate in many ordinary coding interactions. Unintended activation increases LLM calls, broadens exposure of generated code and user context to this skill, and can create unpredictable orchestration behavior or prompt-surface expansion.

Vague Triggers

Medium, 89% confidence
The standalone invocation rule allows activation whenever a user says "review this code" or pastes code with "is this right?", which is ambiguous and likely to match routine conversation. In a code-orchestration setting, this can cause unnecessary processing of sensitive code, accidental recursion/chaining with other skills, and excessive token/tool consumption without clear user intent.

Missing User Warnings

Medium, 95% confidence
This code transmits the user-supplied task and draft code to a configurable external LLM endpoint, with a default of plain HTTP to localhost and no explicit consent, warning, redaction, or trust validation. In a code-review skill, drafts may contain proprietary source, credentials, tokens, or other sensitive material, so silent exfiltration to an endpoint controlled by the environment or local network is a real confidentiality risk.

VirusTotal

67/67 vendors flagged this skill as clean.
