InspirAI Evo

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only workflow analysis skill that clearly discloses local reports, project state, and cross-project local stats, with no evidence of hidden execution, network transfer, or malicious behavior.

Install only if you want local workflow tracking across projects. Review generated files before sharing or committing them, especially docs/evo-reports, .evo-state.json, and ~/.claude/evo-stats. Add the optional CLAUDE.md monitoring block only if you want future sessions to persist signal history automatically, and periodically delete stored state if it contains sensitive project context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented as workflow analysis/reporting, but its --continue mode explicitly proposes and then performs repository modifications after user confirmation. That expansion from analysis into change-execution increases the chance of unintended code/config changes under the guise of diagnostics, especially when users may invoke it expecting a read-only review tool.

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
A skill framed as project workflow analysis also performs cross-project global statistics collection by copying project state into a home-directory store. This broadens scope beyond the immediate project and creates persistence and aggregation behavior that users may not reasonably expect from a local analysis skill.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
Persistent cross-project statistics are not necessary for generating a single project's self-evolution report, and the skill does not clearly justify why detailed project state should be retained globally. This creates avoidable privacy and data-retention risk, especially if the state includes natural-language context, pending items, or workflow observations.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad terms like '自我改进', '流程问题', and 'workflow analysis', which can overlap with ordinary conversation and cause accidental activation. Because the skill performs file writes and maintains persistent state, unintended triggering materially raises the risk of unsolicited analysis, data collection, or state changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill creates and updates project and global state files, but the persistence behavior is not surfaced as a strong warning at the point of use. Users may believe they are only generating a report while the skill also writes .evo-state.json and copies data into ~/.claude/evo-stats, leading to unanticipated retention outside the current output.

Ssd 3

Medium
Confidence: 94%
Finding
The design explicitly uses dual storage: detailed in-project reports plus global cross-project statistics. Aggregating workflow/state data across projects creates a natural-language leakage surface where sensitive context, work patterns, or pending tasks from one project can persist and later be exposed or misused in another context.

Ssd 3

Medium
Confidence: 96%
Finding
The skill directs collection of 'current session observations' and inclusion of context summaries in reports/state. Those free-form observations can easily capture sensitive user instructions, debugging details, secrets-adjacent content, or internal project context, which then become persistently stored in markdown/JSON.

Ssd 3

Medium
Confidence: 97%
Finding
Copying the entire .evo-state.json into a global home-directory statistics store retains detailed per-project state beyond its original scope. Because that state can include counts, instances, timestamps, patterns, and pending improvements, it becomes a long-lived aggregation point for potentially sensitive operational context.

VirusTotal

64/64 vendors flagged this skill as clean.
