Evolve
Security checks across malware telemetry and agentic risk
Overview
This looks like a plausible development tool, but it can alter active OpenClaw skills through an unspecified local script.
Install only in an isolated development OpenClaw environment after inspecting the exact evolvectl.sh that will run. Do not point EVOLVECTL at an untrusted path, and require manual review before any generated skill is promoted into active use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.