PR Doctor

Security checks across malware telemetry and agentic risk

Overview

This PR review skill is coherent, but it can automatically create GitHub Issues and persist review learnings without a clear confirmation step.

Install only if you want an agent to use your GitHub authorization to review PRs and potentially create Issues automatically. Before running it, confirm the target repository, GitHub account, Feishu destination if used, and whether .learnings/ retention is acceptable; prefer disabling automatic issue creation or requiring approval before any write.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly describes a pipeline step that can automatically create GitHub Issues and write local learning files, but it does not clearly warn users that running the skill may mutate external repository state and local filesystem state. In an agent setting, undocumented side effects are dangerous because a user may expect analysis-only behavior while the skill performs persistent actions such as opening Issues or modifying files.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes broad, natural phrases such as '代码审查', 'review PR', and '检查我的PR', which can match ordinary user requests and cause the skill to activate unintentionally. Because this skill chains additional actions like issue creation and local learning writes, accidental invocation can lead to unexpected side effects beyond simple read-only analysis.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill performs or proposes state-changing operations—automatically creating GitHub Issues and persisting learning data to disk—but the description does not prominently disclose these side effects before use. In practice, a user may invoke what appears to be a review workflow and unintentionally cause repository modifications or local data retention, which is especially risky in automated or privileged environments.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The workflow is configured to automatically create GitHub issues from PR review results, but the manifest does not clearly disclose this side effect to end users or indicate that external repository state will be modified. In a PR-review context, this can generate unwanted issue spam, leak review-derived details into persistent trackers, and perform repository actions under the user's GitHub authorization without sufficiently explicit consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal