Security audit

AI PR Narrative Factory

Security checks across malware telemetry and agentic risk

Overview

This skill openly turns GitHub PR data into an AI-generated report and publishes it to Feishu; the main caution is external sharing of code-derived information.

Install only if you are comfortable sending PR metadata, diffs, summaries, file lists, and change analysis through the configured GitHub, AI, and Feishu services. For private or sensitive repositories, confirm organization policy, Feishu document permissions, and provider data handling before using the automatic publish flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly publishes generated PR reports to Feishu and creates a permanent share link, but it does not warn users that PR metadata, code diffs, and derived analysis may be sent to an external collaboration platform and exposed beyond the source repository. This can leak proprietary code context, security-sensitive changes, or internal project details, especially when PRs are private or contain confidential implementation details.

Missing User Warnings

Medium
Confidence: 92%
Finding
The workflow states that the github skill extracts PR metadata and code diffs and then sends them to an AI analysis tool, but it does not disclose this data handling as a privacy and confidentiality boundary. Users may reasonably assume the agent is summarizing locally, while in reality sensitive source code, comments, or issue links could be transferred to a third-party model or service for processing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow sends PR-derived data, including diff content, file lists, summaries, and other repository metadata, to Feishu in step 4 without any explicit user warning, confirmation, or data-minimization control. Because PR diffs may contain proprietary code, secrets accidentally committed to the PR, or sensitive internal context, this creates a real external data exfiltration risk even if the publication is intended functionality.

VirusTotal

61/61 vendors flagged this skill as clean.
