Autoreview

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed code-review helper that reads local git changes and sends review bundles to selected AI reviewers, with no evidence of hidden persistence, exfiltration, or destructive behavior.

Install only if you are comfortable sending the selected git changes, and in local mode possibly untracked file contents, to the configured AI review engine. Review untracked files and secrets first, avoid pasted --parallel-tests commands you do not trust, and use commit or branch mode when you want a narrower review target.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The script accepts an arbitrary string from --parallel-tests and executes it via shell invocation, including shell=True for default/cmd and direct PowerShell command execution for other modes. This creates command-injection and unintended-command-execution risk if the value comes from untrusted input, copied snippets, automation variables, or wrapper tooling.

Missing User Warnings

Medium
Confidence: 90%
Finding
The tool prints and executes a user-provided parallel test command without an explicit safety warning, despite the command being run through a shell in the default path. In a developer-tool context, this increases the chance users will treat the option as routine and run unsafe pasted or inherited commands.

Missing User Warnings

High
Confidence: 93%
Finding
The review bundle includes diffs, repository content, and even untracked file contents, then sends that prompt to external AI engines. In a closeout-review skill, this can expose secrets, proprietary code, or sensitive local files to third-party services without strong disclosure or consent controls, making the context more dangerous rather than less.

VirusTotal

65/65 vendors flagged this skill as clean.
