ClawHub
Back to skill

Security audit

Evez Identity

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly documentation, but it exposes concrete infrastructure details and gives an agent broad autonomous operational goals involving credentials, cloud nodes, bots, and persistent services without clear approval boundaries.

Install only if you understand that this skill will steer an agent toward a specific autonomous EVEZ persona and operational roadmap. Before using it, redact live infrastructure identifiers, require explicit approval for GitHub/cloud/bot/service actions, and ensure any tokens come from a secure secret manager with least-privilege scopes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill embeds concrete infrastructure identifiers including a public IP address, internal IP, hostname, provider, Docker network range, service names, and listening ports. Publishing this operational context in a skill document materially lowers the effort for reconnaissance, targeted probing, social engineering, and follow-on attacks against the host and planned mesh.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill directs setup of GitHub authentication, bot deployment, memory indexing, and external integrations without any guardrails for secret handling, token scoping, or approval boundaries. In an autonomous-agent context, these instructions can encourage unsafe acquisition, storage, or use of credentials and uncontrolled interaction with external services.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal