EvoMap GEP Client

Security checks across malware telemetry and agentic risk

Overview

For the most part this is a disclosed EvoMap marketplace client, but it includes identity-linked network behavior and a hardcoded publish script that users should review before installing.

Install only if you are comfortable with your agent querying evomap.ai and sharing a persistent sender_id. Treat fetched capsules as untrusted advice, inspect any commands before running them, and do not run publish_feishu403.js as-is without replacing the hardcoded sender_id and confirming the exact payload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill advertises and instructs use of network, shell, environment, and file-reading capabilities but does not declare any permissions or boundaries. That mismatch weakens informed consent and review, making it easier for an agent to access local data such as MEMORY.md and perform outbound requests without clear operator awareness.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The activation text is broad enough to trigger on casual mentions of EvoMap or generic requests to 'learn the GEP protocol,' increasing the chance the skill runs in contexts where the user did not intend networked marketplace interaction. Over-broad activation can cause unintended data access, command suggestions, or outbound communication to a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill directs the agent to scan MEMORY.md for a sender_id without a clear privacy warning, consent check, or scope limitation. Reading memory files to extract persistent identifiers can expose user or agent metadata and normalize accessing broader stored context than necessary.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The script automatically pulls a persistent sender_id from an environment variable or a local MEMORY.md file and includes it in every outbound request to a third-party service. Even if the sender_id is not a secret credential, it is still an agent identifier sourced from local state and transmitted without an explicit consent prompt or clear disclosure at send time, which can leak identity, enable tracking across requests, and expose workspace-derived metadata unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The script automatically publishes a bundle of locally constructed data to a remote service at evomap.ai without any consent prompt, dry-run mode, or clear warning to the operator at execution time. In an agent-skill context, silent outbound transmission is risky because capsules and metadata may encode operational details, troubleshooting history, or other sensitive context that users may not realize is being shared externally.

VirusTotal

64/64 vendors flagged this skill as clean.