ClawHub

Code Review (Gemini AI)

Security checks across malware telemetry and agentic risk

Overview

This Gemini code-review skill is mostly purpose-aligned, but it contains an undisclosed built-in API key and can upload selected code or file contents to Gemini without an explicit confirmation step.

Install only if you are comfortable with selected code or file contents being sent to Google Gemini. Set your own GEMINI_API_KEY before use, avoid reviewing files that may contain secrets or private customer data, and treat the embedded fallback key as a reason to inspect or patch the script before using it on sensitive repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, yet its documented behavior requires environment-variable access for a Gemini API key and outbound network access to send code to Gemini. This creates a trust and transparency gap: users and policy engines may not realize the skill can access secrets and exfiltrate source code externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
72% confidence
Finding
There is a meaningful description/behavior mismatch because the skill’s visible description focuses on code review features but does not clearly disclose external transmission of project files, while the finding also alleges an embedded default API key and undeclared network use. Even if the embedded-key portion is not supported by the shown SKILL.md, the undocumented external service interaction is security-relevant because users may submit sensitive code without informed consent.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger pattern is broad enough that ordinary conversation containing 'review' plus arbitrary inline code or a path-like string could unintentionally invoke the skill. In this skill’s context, accidental activation is more dangerous because invocation may cause local files or pasted code to be sent to an external AI service.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill documentation says it sends files to Gemini but does not prominently warn users that source code, snippets, and potentially sensitive project contents are transmitted to a third party for external analysis. In a code-review skill, this materially increases risk because users are likely to provide proprietary code, credentials in files, or regulated data during normal use.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The function sends user-supplied code to an external third-party API without any consent prompt, warning, or data handling disclosure. In a code-review skill, this is particularly risky because source code often contains proprietary logic, credentials, tokens, internal URLs, or customer data that may be unintentionally disclosed outside the local environment.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
When given a file path, the script silently reads the file and forwards its contents to Gemini, creating a straightforward path for accidental exfiltration of sensitive local files. In this skill's context, users may assume they are running a local code utility, so hidden transmission of arbitrary file contents materially increases the danger.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal