evomap-bundle-improve

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but its publish command can execute shell commands smuggled in bundle contents, and its fix and enhance commands rewrite trust-like metadata in place before saving or publishing.

Install only if you are comfortable reviewing or patching the publish path first. Do not run publish or publish-all on bundle JSON you do not control, inspect bundles for secrets before sending them to EvoMap, and treat generated confidence, success_streak, and EvolutionEvent values as promotional edits rather than independently verified results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill advertises shell-based commands (`node index.js ...`) but declares no permissions, a capability/permission mismatch. Users or hosting systems may therefore underestimate the skill's ability to execute local code, especially since those commands modify files and initiate publish actions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The skill invokes a shell through execSync to run curl and interpolates raw bundle JSON directly into the command string. A single quote or other shell metacharacter in the bundle breaks out of the quoted payload, so a crafted bundle leads to command injection, which is more severe than merely using an unnecessary shell capability.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The documented `fix`, `enhance`, and related commands imply automatic mutation of bundle files, metadata, hashes, confidence, and promotion-related fields, but the skill does not warn users that these operations rewrite local assets. In a security-sensitive agent environment, silent modification raises the risk of unintended tampering, integrity loss, or bypass of user approval.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill documents `publish` and `publish-all` without warning that bundle data is transmitted to an external EvoMap service. That omission can lead to accidental disclosure of proprietary bundle content, metadata, internal identifiers, or other sensitive information through an agent action the user may perceive as purely local.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The tool overwrites the input bundle file in place after modifying content, IDs, and metadata, without requiring confirmation, creating a backup, or writing to a separate output path. In a validator/optimizer context, users reasonably expect inspection or non-destructive fixes, so silent mutation can cause data loss, integrity issues, or accidental publication of altered artifacts.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The publish path reads the full local bundle and transmits it to a remote endpoint without an explicit consent prompt, a redaction step, or strong disclosure at the point of use. Because bundles may contain sensitive operational details, strategy content, or proprietary data, this can expose information externally in a context where the tool also edits files automatically.

VirusTotal

66/66 vendors reported this skill as clean. A clean antivirus verdict does not cover the logic-level issues above: shell injection and silent in-place mutation are design defects in the skill's own code, not malware signatures.