PR Quality Gate

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent PR review workflow, but it can automatically write to GitHub issues, PR comments, and PR status without a clear approval gate.

Install only if you want an automated PR workflow that may write to GitHub. Before using it on real repositories, confirm the agent will ask before creating Issues, posting PR comments/statuses, invoking external coding agents, or merging PRs; use a read-only or dry-run mode if available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill documentation is internally inconsistent about whether it can merge PRs: one section says the final step may use `gh pr merge`, while a later note says it will not automatically merge and requires user confirmation. In an automation/orchestration context, this ambiguity is dangerous because an agent may interpret the workflow as authorization to perform a merge action without an explicit, fresh user confirmation, enabling unintended code integration into a repository.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly describes a workflow that will automatically create GitHub Issues, update PR state, and trigger AI-assisted remediation, but it does not state that these are repository-modifying actions requiring explicit user confirmation. In an agent setting, that omission can cause users to invoke what sounds like analysis-only behavior while the skill performs writes to the repo or PR, leading to unintended project changes and workflow side effects.

Missing User Warnings

Medium
Confidence: 92%
Finding
The example workflow shows concrete write operations such as creating Issues and posting PR comments/status updates without any explicit warning or consent checkpoint. Because examples often shape real user expectations, this can normalize automatic repository modification and make accidental writes more likely when users ask for a review or merge recommendation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow explicitly automates external side effects on GitHub, including creating Issues and posting PR comments, but provides no user-facing disclosure, approval gate, or consent step. In a PR-review context this can spam repositories, create misleading or low-quality tickets, and expose internal analysis artifacts to collaborators without the operator clearly understanding that these actions will occur.

VirusTotal

64/64 vendors flagged this skill as clean.
