AI Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a scoped ClawHub maintainer review skill that can use GitHub and proof-publishing workflows, but the behavior is disclosed and aligned with that purpose.

Install this only if you want an agent to help with ClawHub maintainer PR/issue workflows. Be aware it can guide the agent to use your GitHub authority for comments, proof publication, labels, and close decisions, so review generated comments and target PRs before allowing write actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding:
This is a true scope-expansion issue: a skill presented as a code-review tool also instructs the agent to stage, commit, and push repository changes when CI fails on its own PR. That turns a review workflow into a code-modification and publication workflow, increasing the chance of unintended or unauthorized changes being made under the guise of review automation.

Vague Triggers

Medium
Confidence: 84%
Finding:
The activation phrases are broad enough to match many ordinary requests such as 'review this' or 'check the code,' which can cause the skill to trigger in contexts the user did not specifically intend. Because this skill includes shell commands and repository-affecting guidance, overbroad activation raises the risk of unnecessary command execution or workflow takeover.

VirusTotal

60/60 vendors flagged this skill as clean.
