Safe Evolver

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local logging and suggestion library, not malware, but it can store sensitive interaction data if users record raw prompts, outputs, commands, or paths.

Install only if you are comfortable with local history files being created and populated with whatever data your code passes to recordInteraction. Do not log secrets, credentials, private file contents, regulated data, or raw sensitive prompts/responses. Keep any code, command, or workflow changes based on its suggestions behind explicit human review, and treat the documented LLM/export/apply APIs as unimplemented examples that would need separate security review before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The documentation claims improvements are safety-checked and support human review, but later examples normalize automatic application of suggestions. In a self-modifying or behavior-modifying agent context, bypassing a mandatory review gate can let flawed or unsafe recommendations change runtime behavior without adequate oversight.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The FAQ tells users to review suggestions before changing code, but the API examples show the skill directly applying improvements. This contradiction can mislead integrators into deploying automatic behavior changes they believe are still review-gated, increasing the risk of unsafe modifications.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The skill is presented as a constrained safety engine, but the documented interface includes applying operational commands as improvements. That mismatch is risky because users may trust the product as analysis-only while it can materially alter execution behavior, expanding blast radius beyond passive reporting.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation encourages recording tool calls, responses, errors, and audit logs without a clear privacy warning or minimization guidance. These records can contain sensitive user data, file paths, command history, or secrets, creating unnecessary retention and disclosure risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The examples show API key configuration and LLM-enabled analysis without warning that interaction data may be transmitted to external models or that credentials require secure handling. This can lead developers to hardcode secrets and unintentionally exfiltrate logged content to third-party services.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill documents automatic application of improvements without clearly warning that these changes may alter execution logic or trigger impactful actions. In agent systems, automatic optimization can become unsafe self-modification, especially when recommendations affect tool use, commands, or operational decision-making.

Ssd 3

Severity: Medium
Confidence: 90%
Finding
The audit configuration explicitly supports including all data and exporting it, which normalizes broad retention of potentially sensitive session content. Full-fidelity audit exports increase the likelihood of collecting secrets, personal data, and proprietary prompts that could later leak or be misused.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The interaction logging design encourages persistent capture of detailed tool calls, responses, context, paths, and errors. In practice this can accumulate highly sensitive operational data and user content, creating a substantial leak surface through logs, reports, or downstream analysis systems.
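
The minimization the three logging findings above call for (privacy guidance for recorded tool calls, full-fidelity audit export, persistent capture of paths and responses), written here as an added example. It is not Safe Evolver's code: `sink` stands for whatever records the interaction, and taking a single plain object is an assumption about that API rather than the documented signature of recordInteraction. The field allowlist and secret patterns are constructed and should be tuned to your own estate.

```javascript
// Added example, not Safe Evolver's own code: a minimizing wrapper placed in
// front of a local history sink. The sink's single-object signature, the
// field names and the secret patterns are assumptions.

const MAX_FIELD_LENGTH = 200;

// Constructed patterns for common secret shapes; extend for your own estate.
const SECRET_PATTERNS = [
  /\b(?:sk|rk)-[A-Za-z0-9_-]{16,}\b/g,          // OpenAI-style API keys
  /\bAKIA[0-9A-Z]{16}\b/g,                        // AWS access key IDs
  /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g,              // GitHub tokens
  /\bBearer\s+[A-Za-z0-9._~+\/-]+=*/gi,           // Authorization headers
  /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
  /\b[A-Z][A-Z0-9_]{2,}=(['"]?)[^\s'"]{8,}\1/g,   // KEY=value env assignments
];

// Allowlist of fields the history file may keep. Unknown fields are dropped,
// so a field added upstream (prompt, response, env, file contents) cannot
// silently start leaking. The names are hypothetical.
const ALLOWED_FIELDS = new Set(["tool", "status", "durationMs", "errorClass", "argsSummary"]);

function redactString(value) {
  let out = value;
  for (const re of SECRET_PATTERNS) out = out.replace(re, "[REDACTED]");
  // Replace home directories so usernames do not land in the log.
  out = out.replace(/\/(?:home|Users)\/[^\/\s"']+/g, "~");
  if (out.length > MAX_FIELD_LENGTH) out = out.slice(0, MAX_FIELD_LENGTH) + "...[truncated]";
  return out;
}

function minimizeInteraction(raw) {
  const kept = {};
  const dropped = [];
  for (const [key, value] of Object.entries(raw)) {
    if (!ALLOWED_FIELDS.has(key)) { dropped.push(key); continue; }
    kept[key] = typeof value === "string" ? redactString(value) : value;
  }
  kept.droppedFields = dropped.sort(); // record *that* data was dropped, not the data
  return kept;
}

// Wrap any sink so every caller goes through minimization.
function makeSafeRecorder(sink) {
  return (raw) => sink(minimizeInteraction(raw));
}

// Constructed sample of what an over-eager integration might try to log.
const SAMPLE_INTERACTION = {
  tool: "shell",
  status: "error",
  durationMs: 412,
  argsSummary: "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def' https://api.example.test -o /home/alice/out.json",
  prompt: "Here is my .env: OPENAI_API_KEY=sk-abcdefghijklmnopqrstuvwxyz123456",
  fileContents: "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----",
};

function demo() {
  const history = [];
  const record = makeSafeRecorder((entry) => history.push(entry));
  record(SAMPLE_INTERACTION);
  return history[0];
}

console.log(JSON.stringify(demo(), null, 2));
```

The same minimizeInteraction() belongs in front of any audit export: export the allowlisted, redacted records, not the raw session, and keep droppedFields so reviewers can see what was withheld without seeing it.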

VirusTotal

65/65 vendors returned a clean verdict; none flagged this skill as malicious. Antivirus verdicts cover known malware signatures only and do not assess the data-handling and review-gate findings listed above.

View on VirusTotal