Code Project Auto Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill locally inspects a chosen code project and generates a Markdown summary, with some disclosure gaps around file writing but no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable letting the skill inspect the selected project folder. Pass an explicit project path, avoid repositories containing secrets or proprietary material you do not want processed, and give an explicit output path, preferably outside the analyzed repository and not already occupied by a file you care about, so the report cannot overwrite anything important.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Scope Creep

Medium
Confidence: 90%
Finding
The skill advertises only local file read permission, but its documented behavior includes generating output to a user-specified path, which implies write capability. This mismatch can mislead operators or downstream policy systems about the skill's actual privileges, and if write behavior is implemented it raises the risk of unauthorized file modification or unsafe path usage.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill writes a generated document to disk when an output path is provided, and the CLI defaults that path to a file inside the analyzed project. For an analysis-oriented skill this is an integrity risk: invoking it on an untrusted or sensitive repository changes filesystem state without clear disclosure, which can overwrite files, pollute the repository, or trigger downstream automation that reacts to new files.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are broad, natural-language requests such as asking what a project does or asking to analyze a code directory, which are likely to collide with ordinary conversation. In an agent environment with local file access, this can cause unintended activation and scanning of user-specified local paths, increasing the chance of unauthorized file exposure or surprising behavior.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger phrases are broad and map to common requests about understanding codebases, so the skill may be invoked when the user did not intend a filesystem-scanning or document-generation workflow. In an agent environment, overly permissive triggering can cause unintended access to local repositories or unexpected processing of sensitive code.

Missing User Warnings

Medium
Confidence: 97%
Finding
When run from the CLI without an explicit output path, the tool automatically writes 项目介绍.md (Chinese for "project introduction") into the target project directory. This is risky for a code-analysis skill because users may expect read-only inspection, while the implicit write can modify a repository, interfere with clean working trees, or place attacker-influenced content derived from README/package metadata into trusted project locations.
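The three write-related findings above (undeclared write capability, a default output location inside the analyzed project, and no warning before the implicit write) share one remedy: validate the output path before writing and refuse to guess. The following Python is an added illustration, not the skill's own code, of the checks a read-oriented analysis tool should perform. The function names `resolve_output_path`, `write_summary` and `self_check`, and the flags `--output`, `--allow-inside-project` and `--overwrite` named in its messages, are hypothetical; only the default filename 项目介绍.md comes from the page. The sample project it exercises is constructed in a temporary directory.

```python
"""Output-path guard for a local code-analysis tool.

Added example (not the skill's code): refuse an implicit default location,
refuse to write inside the analyzed repository unless told to, and never
silently overwrite an existing file.
"""
import tempfile
from pathlib import Path
from typing import Optional

# Filename the page reports the CLI writes when no output path is given.
# Used here only to name the unsafe default in the error message.
DEFAULT_OUTPUT_NAME = "项目介绍.md"


def resolve_output_path(project_dir: str, output: Optional[str],
                        allow_inside_project: bool = False,
                        overwrite: bool = False) -> Path:
    """Return a validated absolute path for the generated Markdown, or raise."""
    project = Path(project_dir).expanduser().resolve(strict=True)
    if not project.is_dir():
        raise NotADirectoryError(f"{project} is not a directory")

    if output is None:
        # The behaviour flagged on this page: defaulting to <project>/项目介绍.md.
        raise ValueError(f"no output path given; refusing to write "
                         f"{DEFAULT_OUTPUT_NAME} into {project}; pass --output")

    # resolve() follows symlinks, so the decision is made on the real location,
    # not on how the path was spelled.
    out = Path(output).expanduser().resolve()

    try:
        out.relative_to(project)
        inside = True
    except ValueError:
        inside = False
    if inside and not allow_inside_project:
        raise ValueError(f"{out} lies inside the analyzed project {project}; "
                         "use --allow-inside-project to permit this")

    if out.is_dir():
        raise IsADirectoryError(f"{out} is a directory")
    if out.exists() and not overwrite:
        raise FileExistsError(f"{out} exists; pass --overwrite to replace it")
    if not out.parent.is_dir():
        raise FileNotFoundError(f"parent directory {out.parent} does not exist")
    return out


def write_summary(out: Path, markdown: str, overwrite: bool = False) -> int:
    """Write the report; mode "x" makes creation fail if a file appears
    between the check and the write, closing the TOCTOU window."""
    mode = "w" if overwrite else "x"
    with open(out, mode, encoding="utf-8") as fh:
        return fh.write(markdown)


def self_check() -> dict:
    """Exercise the guard on a constructed throwaway project; return outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp, "repo")
        project.mkdir()
        (project / "README.md").write_text("# sample\n", encoding="utf-8")
        reports = Path(tmp, "reports")
        reports.mkdir()
        # A symlink outside the repo that points into it: must still be refused.
        link = Path(tmp, "link_into_repo")
        try:
            link.symlink_to(project, target_is_directory=True)
        except OSError:  # platforms without symlink support
            link = project

        def refused(exc, **kw):
            try:
                resolve_output_path(str(project), **kw)
            except exc:
                return True
            return False

        results["implicit_default_refused"] = refused(ValueError, output=None)
        results["inside_project_refused"] = refused(
            ValueError, output=str(project / DEFAULT_OUTPUT_NAME))
        results["symlinked_inside_refused"] = refused(
            ValueError, output=str(link / "summary.md"))
        results["existing_file_refused"] = refused(
            FileExistsError, output=str(project / "README.md"),
            allow_inside_project=True)

        good = resolve_output_path(str(project), str(reports / "summary.md"))
        results["chars_written"] = write_summary(
            good, "# Summary\n\nconstructed report\n")
        results["report_outside_project"] = project not in good.parents
    return results


if __name__ == "__main__":
    for name, value in self_check().items():
        print(f"{name}: {value}")
```

The guard deliberately has no default: an operator (or an agent calling the tool) must name the destination, which is what makes the write visible. Checking the resolved path rather than the literal argument is what catches the symlink case; checking existence and then opening with mode "x" is what keeps a file created in between from being clobbered.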

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal