PR Review Factory

Security checks across malware telemetry and agentic risk

Overview

This skill is legitimate PR-review automation, but it can change GitHub repositories and influence merge flow with broad credentials and limited guardrails.

Install only if you intend to grant repository-changing GitHub automation. Use a fine-grained token limited to selected repositories, review the dependent skills first, and require a dry run or explicit confirmation before creating issues, changing workflows, assigning users, or enabling merge-related behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README describes actions that can create GitHub Issues, deploy GitHub Actions workflows, configure automation triggers, and ultimately affect merge behavior, but it does not clearly warn users that the skill performs repository-modifying operations. In a security-sensitive automation context, missing disclosure can lead users to authorize unintended write actions on repositories, increasing the risk of accidental workflow changes, noisy issue creation, or unsafe merge automation.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README requests a GitHub token with repo permissions but does not explain the security and privacy implications of granting broad repository access. Because repo-scoped tokens can often read private code and write Issues, PR comments, and workflow files, insufficient warning may cause users to overgrant privileges and expose sensitive repositories to unintended automation.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger phrase `帮我审查这个PR` is broad natural language and can be invoked in ordinary conversation without enough scoping or confirmation. In this skill, activation can lead to multi-step automation across review, issue creation, CI setup, and potentially merge-related actions, so accidental invocation could cause unintended repository operations.

Vague Triggers

Medium
Confidence: 81%
Finding
The phrase `建立PR质量门禁` is semantically broad and does not clearly constrain what repository, branch, or workflow changes are allowed. Because the skill can generate CI workflows and enforce merge controls, ambiguous activation increases the risk of unauthorized or unintended modification of project automation and governance.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger `审查并记录` is vague because it does not specify what should be reviewed, where results should be recorded, or whether write operations are permitted. In this skill's context, 'record' may create GitHub Issues and assign owners, so ambiguity can result in unintended ticket creation, noisy workflows, or disclosure of review results to the wrong location.

Vague Triggers

Medium
Confidence: 91%
Finding
The manual trigger uses broad, generic keywords such as 'Code Review' and '代码审查' without repo, permission, or context constraints. In an automation workflow that can fetch PR data, create issues, configure CI gates, and influence merge readiness, this increases the chance of accidental or unauthorized invocation against unintended repositories or pull requests.

VirusTotal

65/65 vendors flagged this skill as clean.