ClawHub

review-github-pr

Security checks across malware telemetry and agentic risk

Overview

This is a real GitHub PR review helper, but it can run repository-defined local commands and use your GitHub identity, so it should be reviewed carefully before installation.

Install only if you are comfortable letting the skill use your GitHub CLI credentials to inspect PRs and draft or post reviews. Before allowing it to run checks, verify the exact validation command and be especially careful with PRs that modify CLAUDE.md or other local agent instruction files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list includes broad natural-language phrases like 'review this PR', 'check this pull request', and 'PR review', which may cause accidental invocation in normal conversation. Because this skill can perform network access, clone repositories, run shell commands, and potentially post GitHub reviews after follow-up confirmation, unintended activation increases the chance of unplanned external actions and exposure to untrusted PR content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs cloning remote repositories into `/tmp` without a clear up-front warning that it will write to local disk and leave artifacts behind. Even though cloning a repo is expected for PR review, silent filesystem writes to a predictable temp location can surprise users, consume space, persist sensitive code locally, and create risk if subsequent tooling operates on that checkout.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal