Security audit

easy-code-review

Security checks across malware telemetry and agentic risk

Overview

This code-review skill reads repository changes and produces review guidance. Its higher-risk permissions are mostly disclosed and aligned with that purpose, though the audit notes some overbroad permissions and gaps between what the documentation describes and what the manifest declares.

Install this only in repositories where you are comfortable granting access to project files and Git history. Review the optional pre-commit hook and CI installer snippets before using them, and consider whether the file.write permission is acceptable for a skill that mainly performs analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill documentation claims a command execution capability ('命令执行', Chinese for "command execution") even though no such permission is declared in the manifest. This mismatch is dangerous because it normalizes privileged behavior outside the declared permission model: an operator or a future maintainer may add shell execution for the git operations the docs describe without the review or sandboxing that a declared permission would have triggered.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad enough to auto-activate during ordinary coding conversations, so the skill may read repository content or produce review actions when the user did not intend to invoke it. In a skill with file and git access, over-broad activation increases the chance of unnecessary data exposure and unexpected behavior.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation references file writing and command execution without warning users about potentially system-impacting behavior. This is risky because users may invoke the skill expecting passive analysis, while the described capabilities imply state changes or shell access that could modify files or interact with the environment.
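The three findings above are all consistency checks between a skill's manifest and its documentation. The following script is an added example of how to mechanize them; it is not SkillSpector's code and not part of the easy-code-review skill. The manifest layout (`permissions` and `triggers` keys), the permission names (`file.write`, `shell.exec`, `git.read`, `file.read`), the keyword tables and the sample documentation text are all constructed assumptions for illustration; the sample is shaped after the findings on this page, including the quoted '命令执行' string.

```python
"""Manifest-vs-documentation consistency checks for an agent skill.

Added example, not SkillSpector's implementation. The manifest schema,
permission names and keyword tables below are assumptions.
"""
import re

# Assumed mapping from documentation phrases to manifest permission names.
CAPABILITY_KEYWORDS = {
    "file.write": ["write file", "writes files", "file writing", "modify files"],
    "shell.exec": ["command execution", "run commands", "shell access", "命令执行"],
    "git.read": ["git history", "git log", "repository changes"],
    "file.read": ["read repository", "project files"],
}

# Permissions that change state or reach the environment; the docs must
# warn about these explicitly (finding: Missing User Warnings).
STATE_CHANGING = {"file.write", "shell.exec"}
WARNING_PHRASES = ["warning", "caution", "may modify", "will modify",
                   "changes files", "runs commands"]

# Generic tokens: a trigger built only from these fires in everyday chat
# (finding: Vague Triggers).
GENERIC_TRIGGER_TOKENS = {"review", "code", "check", "look", "help",
                          "fix", "this", "my"}


def capabilities_in_docs(doc_text):
    """Permissions the documentation describes, by keyword match."""
    text = doc_text.lower()
    return {perm for perm, phrases in CAPABILITY_KEYWORDS.items()
            if any(p.lower() in text for p in phrases)}


def intent_code_divergence(manifest, doc_text):
    """Capabilities the docs claim but the manifest never declares."""
    declared = set(manifest.get("permissions", []))
    return sorted(capabilities_in_docs(doc_text) - declared)


def vague_triggers(manifest, max_tokens=2):
    """Triggers that are short and made only of generic words."""
    out = []
    for trig in manifest.get("triggers", []):
        tokens = re.findall(r"[a-z]+", trig.lower())
        if len(tokens) <= max_tokens and set(tokens) <= GENERIC_TRIGGER_TOKENS:
            out.append(trig)
    return out


def missing_user_warnings(manifest, doc_text):
    """State-changing permissions (declared or merely described) that the
    documentation never warns about."""
    text = doc_text.lower()
    if any(w in text for w in WARNING_PHRASES):
        return []
    risky = set(manifest.get("permissions", [])) | capabilities_in_docs(doc_text)
    return sorted(risky & STATE_CHANGING)


def audit(manifest, doc_text):
    """Run all three checks and return one dict of findings."""
    return {
        "intent_code_divergence": intent_code_divergence(manifest, doc_text),
        "vague_triggers": vague_triggers(manifest),
        "missing_user_warnings": missing_user_warnings(manifest, doc_text),
    }


# Constructed sample input modelled on the findings above (not the real skill files).
SAMPLE_MANIFEST = {
    "name": "easy-code-review",
    "permissions": ["file.read", "file.write", "git.read"],
    "triggers": ["review this", "code review",
                 "run easy-code-review on the current diff"],
}
SAMPLE_DOCS = (
    "Reads repository changes and Git history to produce review guidance. "
    "Supports file writing for report output and command execution "
    "(命令执行) for git operations."
)

if __name__ == "__main__":
    for finding, items in audit(SAMPLE_MANIFEST, SAMPLE_DOCS).items():
        print(f"{finding}: {items or 'none'}")
```

Run against the constructed sample, the script reports `shell.exec` as described but undeclared, the two two-word triggers as vague, and both `file.write` and `shell.exec` as lacking a user warning; adding a sentence such as "Warning: this skill may modify files" to the docs clears the third finding but not the first. Keyword matching is deliberately simple; a real reviewer would still read the documentation, since phrasing that the table does not know about is missed.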

VirusTotal

0/66 vendors flagged this skill; all 66 reported it clean. Note that this scan covers the packaged files for known-malware signatures only and says nothing about the manifest, trigger and documentation findings above.