GitHub Intelligent Code Review and CI/CD Automation

Security checks across malware telemetry and agentic risk

Overview

The skill fits its GitHub review/CI purpose, but it can use a logged-in GitHub account to post PR comments and generate workflow files without a clear approval step.

Install only if you are comfortable with the agent using your current GitHub CLI login to read target repositories and PR diffs. Before running it, verify the repository and account, review generated workflow files carefully, and require a manual confirmation before any PR comment is posted or any workflow file is applied.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium, 93% confidence
Finding
The README explicitly states the agent will write review results into PR comments and generate workflow files, but it does not warn users that these actions modify repository or PR state. In an automation skill, undisclosed state-changing behavior can cause unintended comments, commit noise, or repository workflow changes, especially if a user expects read-only analysis.

Vague Triggers

Medium, 81% confidence
Finding
The trigger phrases include broad everyday terms such as '代码审查' and '生成 CI/CD', which can easily match normal developer conversation and unintentionally invoke a high-impact automation skill. In this skill's context, accidental activation is more dangerous because it can lead to repository inspection, AI review, PR commenting, and CI/CD workflow generation without a clearly scoped user intent check.

Missing User Warnings

Medium, 93% confidence
Finding
The skill describes generating CI/CD workflows and posting PR comments, but it does not require explicit user acknowledgment before performing those write operations. In a GitHub-integrated automation context, this can cause unintended repository changes, noisy or misleading PR activity, and potentially unsafe workflow files being introduced into source control.

Missing User Warnings

Medium, 92% confidence
Finding
The workflow includes side-effecting actions such as generating CI/CD workflow files and posting PR comments, but it does not specify explicit user confirmation, dry-run behavior, or warnings about publishing content to GitHub. In a repository context, this can lead to unintended automation changes, noisy or sensitive PR comments, and misuse in contexts where the user only asked for analysis rather than repository-affecting actions.

VirusTotal

66/66 vendors flagged this skill as clean.
