
Security audit

Code Review

Security checks across malware telemetry and agentic risk

Overview

This code-review skill is mostly coherent, but its instructions let the agent move from reviewing into editing, committing, and pushing repository changes without a clear confirmation step.

Install it only if you want a review helper that may also remediate CI failures on your own PRs. Before using it, make sure your agent requires explicit approval before editing files, committing, or pushing, and be aware that the GitHub CLI commands it issues run under your authenticated gh session, so any push or PR action is performed as you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The skill is framed as a code review tool, but it instructs the agent to move from analysis into code modification, committing, and pushing changes when CI fails on the author's own PR. That expands authority from read/review behavior into write-side repository actions, creating a meaningful risk of unauthorized or unsafe changes being made under an ambiguously triggered skill.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrases are broad and common, such as generic requests to review or check code quality, making accidental activation likely in many ordinary conversations. When combined with the skill's operational instructions, this increases the chance that the agent performs repository inspection or even write-capable workflows without the user clearly intending to invoke this specific behavior.
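Both findings above come down to which commands a skill's instructions can cause the agent to run. The following is an added example, not part of this audit page and not code from SkillSpector or the Code Review skill: a small Python check that pulls git and gh commands out of a skill's markdown, classifies each as read-only or write-side, and doubles as the approval policy the Overview recommends (anything not known to be read-only needs explicit user approval). The SKILL.md text, the subcommand tables and the function names are assumptions constructed for the example.

```python
from __future__ import annotations

import re
import shlex
from typing import List, Tuple

# Subcommands that only read repository or PR state (gh is keyed on its first two words).
# These tables are an assumption of this example, not a list from the skill or the auditor.
READ_ONLY = {
    "git": {"status", "diff", "log", "show", "blame", "grep", "ls-files", "rev-parse", "fetch"},
    "gh": {"pr view", "pr diff", "pr checks", "pr list", "pr status", "run view", "run list", "issue view"},
}
# Subcommands that change the working tree, the repository, the remote, or PR state.
WRITE_SIDE = {
    "git": {"add", "commit", "push", "rebase", "merge", "reset", "checkout", "switch", "restore",
            "cherry-pick", "stash", "tag", "am", "apply"},
    "gh": {"pr create", "pr merge", "pr edit", "pr comment", "pr review", "pr close", "pr checkout",
           "run rerun", "run cancel", "release create"},
}
# Global options that take a value, so the value is not mistaken for the subcommand.
OPTIONS_WITH_VALUE = {"-C", "-c", "--git-dir", "--work-tree", "-R", "--repo"}
SHELL_SEPARATORS = re.compile(r"\s*(?:&&|\|\||\||;)\s*")
INLINE_CODE = re.compile(r"`([^`]+)`")


def classify(cmd_line: str) -> str:
    """Classify one command as 'read', 'write' or 'unknown'; unknown fails closed (needs approval)."""
    try:
        argv = shlex.split(cmd_line)
    except ValueError:  # unbalanced quotes: this was prose, not a command
        return "unknown"
    if not argv:
        return "unknown"
    tool = argv[0].rsplit("/", 1)[-1]  # tolerate /usr/bin/git
    if tool not in READ_ONLY:
        return "unknown"
    words: List[str] = []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok in OPTIONS_WITH_VALUE:
            i += 2
        elif tok.startswith("-"):
            i += 1
        else:
            words.append(tok)
            i += 1
    if not words:
        return "unknown"
    sub = " ".join(words[:2]) if tool == "gh" else words[0]
    if sub in WRITE_SIDE[tool]:
        return "write"
    if sub in READ_ONLY[tool]:
        return "read"
    return "unknown"  # e.g. `git branch -D x`: ambiguous, so it still needs approval


def requires_approval(cmd_line: str) -> bool:
    """Approval policy for the agent: only commands known to be read-only run without asking."""
    return classify(cmd_line) != "read"


def scan_skill(text: str) -> List[Tuple[int, str, str]]:
    """Return (line, command, class) for every git/gh command found in a skill's markdown."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Commands sit either in backticks inside prose or on their own line in a code block.
        candidates = INLINE_CODE.findall(line) or [line.strip()]
        for candidate in candidates:
            for cmd in SHELL_SEPARATORS.split(candidate):
                kind = classify(cmd)
                if kind != "unknown":
                    found.append((lineno, cmd, kind))
    return found


def write_side_commands(text: str) -> List[str]:
    return [cmd for _, cmd, kind in scan_skill(text) if kind == "write"]


def description_behavior_mismatch(text: str, declared: str = "read") -> bool:
    """True when a skill described as review-only (declared='read') contains write-side commands."""
    return declared == "read" and bool(write_side_commands(text))


# Constructed stand-in for the skill's SKILL.md; not the real skill text.
SAMPLE_SKILL = """\
# Code Review
Use this skill when the user asks to review code or check code quality.

1. Inspect the change with `gh pr view 123` and `gh pr diff 123`.
2. Read recent history: `git log --oneline -n 20 | head -5`.
3. If CI fails on your own PR, fix it and re-run the checks:
       git add -A && git commit -m "fix ci" && git push --force-with-lease
       gh run rerun 456
"""

if __name__ == "__main__":
    for lineno, cmd, kind in scan_skill(SAMPLE_SKILL):
        gate = "needs approval" if requires_approval(cmd) else "auto-ok"
        print(f"line {lineno}: {kind:5s} {gate:15s} {cmd}")
    print("description/behavior mismatch:", description_behavior_mismatch(SAMPLE_SKILL))
```

The policy fails closed on purpose: a command the classifier does not recognise (a bare `rm`, or an ambiguous `git branch`) is treated like a write and routed to the user, which is the behaviour the Overview asks you to confirm your agent has before installing the skill.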

VirusTotal

63/63 vendors flagged this skill as clean. That result covers known-malware signatures on the packaged files only; it says nothing about the instruction-level findings above or the secret literal reported by static analysis below.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token. The check flags token-shaped literals and cannot confirm on its own that the value is live, so before acting on it determine whether the literal at reference.md:418 is a real credential (revoke and rotate it) or a documentation placeholder.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: reference.md:418
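What a check like suspicious.exposed_secret_literal does, and why its wording is "appears", as an added example that is not SkillSpector's code and not the skill's: a scanner that flags well-known token formats outright, flags generic key=value assignments only when the value looks random (Shannon entropy), suppresses obvious placeholders such as <your-token-here>, and reports locations in the same file:line form the audit uses. The reference.md content, the token values and the function names are constructed for the example; the ghp_ and AKIA values are made up and are not live credentials.

```python
from __future__ import annotations

import math
import re
from typing import List, Tuple

CODE = "suspicious.exposed_secret_literal"

# Well-known credential shapes: a match is high confidence regardless of context.
KNOWN_FORMATS = [
    ("github_token", re.compile(r"\bgh[posur]_[A-Za-z0-9]{36}\b")),
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("slack_token", re.compile(r"\bxox[abp]-[0-9A-Za-z-]{10,}\b")),
]
# Generic `<name ending in key/secret/token/password> = value` assignments (8+ char value).
GENERIC = re.compile(
    r"(?i)\b([a-z0-9_]*(?:api[_-]?key|secret|token|password|passwd))\s*[:=]\s*['\"]?([^\s'\"]{8,})"
)
# Values that are obviously documentation placeholders rather than live credentials.
PLACEHOLDER = re.compile(
    r"(?i)^(?:<[^>]*>|\$\{?[a-z0-9_]+\}?|x{8,}|\*{4,}|your[_-].*|example.*|changeme.*|redacted|dummy.*|placeholder.*)$"
)
ENTROPY_THRESHOLD = 3.5  # bits/char; random base62 tokens sit well above, English words below

Finding = Tuple[str, str, str, str, str]  # (location, code, detail, confidence, redacted value)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the string's own symbol frequencies."""
    n = len(s)
    return -sum((s.count(ch) / n) * math.log2(s.count(ch) / n) for ch in set(s))


def redact(value: str) -> str:
    """Never echo a candidate secret into the report; a short prefix is enough to locate it."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_for_secret_literals(text: str, filename: str) -> List[Finding]:
    """Report token-shaped literals in `text`, one finding per match, as file:line locations."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        location = f"{filename}:{lineno}"
        seen = set()
        for detail, pattern in KNOWN_FORMATS:
            for m in pattern.finditer(line):
                seen.add(m.group(0))
                findings.append((location, CODE, detail, "high", redact(m.group(0))))
        for m in GENERIC.finditer(line):
            value = m.group(2)
            if value in seen or PLACEHOLDER.match(value):
                continue  # already reported above, or a placeholder like <your-token-here>
            confidence = "medium" if shannon_entropy(value) >= ENTROPY_THRESHOLD else "low"
            findings.append((location, CODE, "generic_assignment", confidence, redact(value)))
    return findings


# Constructed sample standing in for the skill's reference.md; every token here is made up.
SAMPLE_REFERENCE_MD = """\
## Authentication

Set the token in your environment rather than in this file:

    export GITHUB_TOKEN="<your-token-here>"

Example request (replace the token with your own):

    curl -H "Authorization: token ghp_Ab3dEf6hIj9kLm2nOp5qRs8tUv1wXy4zAb7c" https://api.github.com/user

Local test fixture:

    api_key = "AKIA4TQ7N2ZB8XW3L9KV"
    password = "changeme"
    session_token = "p9Xk2mQv7LzR4tWn8bYc1dHg6jF0sEaU"
    admin_password = "correcthorsebatterystaple"
"""

if __name__ == "__main__":
    for location, code, detail, confidence, value in scan_for_secret_literals(SAMPLE_REFERENCE_MD, "reference.md"):
        print(f"{location}: {code} [{detail}] confidence={confidence} value={value}")
```

Run the same scan over the real reference.md to see whether line 418 is a high-confidence token shape or merely a high-entropy or word-like string before treating the finding as a leaked credential; either way the report shows only a redacted prefix, so the scan output itself does not become a second copy of the secret.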