
Security audit

AI Code Review

Security checks across malware telemetry and agentic risk

Overview

This code review skill is mostly purpose-aligned, but it includes under-disclosed system healthcheck behavior that can restart host services and send status to Discord.

Review before installing. Use dedicated OpenAI and Discord credentials, avoid untrusted diff URLs, keep voice notes in a tightly scoped directory, and do not run scripts/healthcheck.sh unless you intentionally want it to restart host services and send operational status to Discord. Treat the ClawHub publish helper as unimplemented: it reports success without publishing anything.
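A pre-install check along the lines recommended above, added here as an example and not code from the skill or the audit tooling: it scans a script's text for the two behaviours the overview calls out (restarting host services and posting to Discord), plus sudo use and outbound HTTP clients, and reports the line each one appears on. The sample script is constructed for this example and is not the skill's real scripts/healthcheck.sh; the regexes are assumptions about how such behaviour typically shows up in shell and are meant to flag lines for a human to read, not to prove absence.

```python
import re
from dataclasses import dataclass

# Constructed sample for this example; NOT the skill's real scripts/healthcheck.sh.
SAMPLE_SCRIPT = """\
#!/usr/bin/env bash
# Constructed sample for this example; NOT the skill's real scripts/healthcheck.sh.
set -euo pipefail
status=$(systemctl is-active nginx || true)
if [ "$status" != "active" ]; then
  sudo systemctl restart nginx
fi
curl -s -X POST -H 'Content-Type: application/json' \\
  -d "{\\"content\\": \\"healthcheck: nginx is $status\\"}" \\
  "$DISCORD_WEBHOOK_URL"
"""


@dataclass(frozen=True)
class Finding:
    line: int       # 1-based line number in the scanned script
    category: str   # which behaviour the line matched
    text: str       # the offending line, stripped


# Assumed patterns: how service restarts, Discord webhooks, sudo and outbound
# HTTP usually appear in shell. Order matters: findings on one line follow it.
PATTERNS = [
    ("restarts-host-service",
     re.compile(r"\b(systemctl|service)\s+(\S+\s+)?(restart|reload|stop)\b")),
    ("privilege-escalation", re.compile(r"\bsudo\b")),
    ("discord-webhook",
     re.compile(r"discord(app)?\.com/api/webhooks|DISCORD_WEBHOOK", re.I)),
    ("outbound-http", re.compile(r"\b(curl|wget)\b")),
]


def scan_script(text: str) -> list[Finding]:
    """Return one Finding per (line, pattern) hit, skipping blank and comment lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for category, rx in PATTERNS:
            if rx.search(line):
                findings.append(Finding(n, category, stripped))
    return findings


def categories(findings: list[Finding]) -> list[str]:
    """Distinct behaviour categories seen, sorted for stable reporting."""
    return sorted({f.category for f in findings})


if __name__ == "__main__":
    for f in scan_script(SAMPLE_SCRIPT):
        print(f"line {f.line:>3}  {f.category:<22}  {f.text}")
    print("behaviours:", ", ".join(categories(scan_script(SAMPLE_SCRIPT))))
```

Run it against the real scripts/healthcheck.sh (read the file into scan_script) before deciding whether to execute the script; a hit in restarts-host-service or discord-webhook is exactly the under-disclosed behaviour the overview warns about, and a clean scan only means these particular patterns were absent.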

SkillSpector (by NVIDIA)

Vulnerability patterns checked
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The function claims to publish a skill to ClawHub but only logs and returns success, creating a fail-open condition where callers may believe a deployment/publishing action succeeded when nothing happened. In automation pipelines, this can undermine release integrity, auditability, and security controls that depend on a real publish step succeeding or failing accurately.

VirusTotal

65/65 vendors rated this skill clean (0 detections).
