ClawHub

Eidolon Search

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at local SQLite FTS memory search, but it includes a benchmark helper that can run a privileged system-wide Linux cache-clearing command without clear opt-in controls.

Review this skill before installing or running its scripts. The main search functionality may be legitimate, but do not run the benchmark helper unless you understand that it may ask for sudo and clear Linux filesystem caches for the whole machine. Prefer a version where that behavior is removed, disabled by default, or guarded by an explicit warning and opt-in flag.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
check=True,
            capture_output=True
        )
        subprocess.run(
            ["sudo", "sh", "-c", "echo 3 > /proc/sys/vm/drop_caches"],
            check=True,
            capture_output=True
Confidence
95% confidence
Finding
subprocess.run( ["sudo", "sh", "-c", "echo 3 > /proc/sys/vm/drop_caches"], check=True, capture_output=True )

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The benchmark script includes privileged cache-dropping capability that exceeds the skill's stated purpose of SQLite FTS memory search. In agent/tooling contexts, adding unnecessary privileged operations broadens the attack surface and creates an unexpected capability that could degrade the host or violate least-privilege expectations.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger text is broad enough to match common requests like file search, knowledge retrieval, or limited-context scenarios, which increases the chance of over-activation. Overly broad activation is risky because it can unnecessarily grant a skill access to local files and shell-backed workflows when a simpler, less-privileged approach would suffice.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script attempts a system-wide page-cache drop via sudo without an explicit upfront warning or confirmation about the side effects. In a skill ecosystem, this is dangerous because users may run the benchmark expecting a local measurement, not a privileged action that affects the entire machine.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal