
Security audit

Evez Fleet

Security checks across malware telemetry and agentic risk

Overview

This skill ships cloud deployment scripts that appear aligned with its stated purpose, but they create persistent infrastructure, persist a provider API key in local configuration, and execute a remotely fetched installer on a new VM, with little warning and an overstated "free-tier" cost claim.

Review the scripts before installing. Run them only in a GCP project where you accept possible billing and persistent resources, and treat the provider API key argument as sensitive: passed on the command line, it can land in shell history, process listings, and local config. Audit the remote installer, or pin it to a known hash, before running the GCP setup script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 87%
Finding
The script markets itself as a 'free-tier' setup and prints an estimated monthly cost of $0.00, but it also provisions resources whose actual cost characteristics depend on region, usage, and quota details. Misleading cost claims can cause users to run the script under false assumptions and incur unexpected charges, especially when combined with enabling services and creating persistent infrastructure.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill advertises scripts that deploy infrastructure, modify provider configuration, and automatically restart services, but it provides no explicit warning about side effects, costs, persistence, or potential service disruption. In an agent setting, this omission increases the chance that a user or downstream system invokes operationally dangerous actions without informed consent, which can lead to unintended infrastructure changes or outages.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script takes a raw API key on the command line and persists it into local OpenClaw configuration via `openclaw config set ... apiKey`. Command-line secrets are commonly exposed through shell history, process listings, logs, and persistent config storage, so this creates a real credential-handling risk even though the script does not exfiltrate the key itself.
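The safer pattern for the credential-handling finding above, as an added example that is not the skill's own script: take the key from an environment variable or stdin instead of an argument, and write it to a file only the current user can read. The environment variable name `PROVIDER_API_KEY`, the destination path, and the `store_api_key` helper are assumptions for illustration; the page's `openclaw config set` command is left out because its full argument form is not shown.

```shell
#!/usr/bin/env bash
# Added example (not the audited skill's code). Assumption: the key arrives via the
# PROVIDER_API_KEY environment variable or on stdin, never as a positional argument.
set -eu

# Weak pattern the finding describes (shown only, never run here):
#   ./setup.sh sk-live-abcdef...    # key lands in ~/.bash_history and in `ps` output

# Obtain the key without exposing it as a command-line argument.
read_api_key() {
  local key=""
  if [ -n "${PROVIDER_API_KEY:-}" ]; then
    printf '%s' "$PROVIDER_API_KEY"
  elif [ -t 0 ]; then
    # Interactive: prompt on the terminal without echoing the key.
    printf 'Provider API key: ' >&2
    IFS= read -rs key
    printf '\n' >&2
    printf '%s' "$key"
  else
    # Non-interactive: one line from stdin (e.g. piped from a secret manager);
    # accept a final line with no trailing newline.
    IFS= read -r key || [ -n "$key" ]
    printf '%s' "$key"
  fi
}

# Persist the key to a file created with owner-only permissions (umask 077).
# Returns 1 if no key was supplied.
store_api_key() {
  local dest=$1 key
  key=$(read_api_key) || true
  [ -n "$key" ] || { echo "no API key provided" >&2; return 1; }
  ( umask 077 && printf '%s\n' "$key" > "$dest" )
  chmod 600 "$dest"
}

# Returns 0 if the file is readable and writable by its owner only.
check_key_file_mode() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}
```

With this shape the key never appears in `argv`, so it is absent from shell history and `ps`; the only remaining copy is the 0600 file, which is the part to point the user at when warning about persistent local config.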

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The script remotely logs into a newly created VM and executes a network-fetched installer without clearly warning the user that arbitrary third-party code will run on the instance. This creates a significant supply-chain risk: if the remote installer or delivery path is compromised, the VM can be fully controlled and used as a foothold in the user's cloud environment.
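One way to pin the remote installer before it runs on the VM, as an added example that is not the skill's own code: download it to a private file, compare its SHA-256 with a digest recorded when the installer was audited, and execute it only on a match. The `INSTALLER_URL` / `PINNED_SHA256` placeholders and the helper names are assumptions; the fetch is isolated in `fetch_installer` so the verification logic can be exercised offline on a local file.

```shell
#!/usr/bin/env bash
# Added example (not the audited skill's code). Assumption: PINNED_SHA256 was
# computed from a copy of the installer you audited, and is updated deliberately.
set -eu

# Portable SHA-256 of a file (GNU coreutils or BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Compare the file's digest with the pinned one: 0 on match, 1 on mismatch.
verify_pinned() {
  local file=$1 pinned=$2 actual
  actual=$(sha256_of "$file")
  if [ "$actual" = "$pinned" ]; then
    return 0
  fi
  echo "installer hash mismatch: expected $pinned, got $actual" >&2
  return 1
}

# Fetch to a file, never straight into a shell; HTTPS only, TLS 1.2+.
fetch_installer() {
  local url=$1 dest=$2
  curl -fsSL --proto '=https' --tlsv1.2 -o "$dest" "$url"
}

# Run the installer only after it verifies; on any mismatch delete it and fail.
install_pinned() {
  local url=$1 pinned=$2 tmp
  tmp=$(mktemp)
  fetch_installer "$url" "$tmp"
  if ! verify_pinned "$tmp" "$pinned"; then
    rm -f "$tmp"
    return 1
  fi
  sh "$tmp"
  rm -f "$tmp"
}

# Usage on the VM, with values you set after auditing the installer (placeholders):
# install_pinned "$INSTALLER_URL" "$PINNED_SHA256"
```

A pinned digest turns a compromised installer or delivery path into a refused install rather than a silent foothold; the trade-off is that every legitimate upstream change requires re-auditing and updating `PINNED_SHA256`, which is exactly the review step the finding says is missing.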

VirusTotal

62/62 vendors flagged this skill as clean.
