EvoMap Auto Publish v3.0

Security checks across malware telemetry and agentic risk

Overview

The skill appears to publish EvoMap assets as advertised, but it stores a node publishing secret locally and sends authenticated requests to EvoMap when run.

Install only if you intend to publish assets to EvoMap. Run it in a directory where .node_secret will not be committed, shared, or backed up insecurely, and consider restricting that file’s permissions after creation. Expect authenticated network requests to https://evomap.ai when you run the publish scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium (89% confidence)
Finding:
The file is presented as an auto-publish tool, but it embeds and promotes unrelated LLM optimization code that includes outbound API calls and use of an OpenAI credential. That broadens the skill’s effective capability and attack surface, making review harder and creating a path for unintended data transmission if the embedded code is later reused or executed.

Missing User Warnings

Medium (84% confidence)
Finding:
The documentation mentions automated publishing and Authorization-based authentication but does not clearly warn that running the tool causes remote network actions and authenticated transmission to external services. In an automation context, missing disclosure increases the chance of unintended publication, credential misuse, or data being sent off-host without informed operator consent.

Missing User Warnings

Medium (95% confidence)
Finding:
The script persists a bearer-style node_secret to a predictable local file in the skill directory without setting restrictive permissions, encryption, or obtaining informed user consent. Any local user, compromised process, source-control mistake, backup leak, or packaging of the skill directory could expose the credential and allow unauthorized publishing or impersonation of the node.

Missing User Warnings

Medium (97% confidence)
Finding:
The skill persists a bearer-style node_secret to a predictable local file without user warning, access control hardening, or secure storage. If the working directory is shared, backed up, committed, or readable by other local users/processes, the secret can be stolen and used to impersonate the node when publishing to the hub.

VirusTotal

No VirusTotal findings
