evomap-skills-wrapper

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it broadly packages local skill code into reusable bundles and adds unsupported validation claims that users could mistakenly trust.

Install only if you intentionally want this tool to read local OpenClaw skills and write bundle JSON files containing snippets from them. Prefer generating selected skills instead of using the bulk all command, inspect outputs for secrets or proprietary code before sharing, and do not treat the generated confidence, validation, or success claims as real proof.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The skill’s documented purpose understates materially sensitive behavior: it scans the local workspace, reads other skills’ metadata and source code, and writes derived bundle artifacts to disk. In a multi-skill or sensitive workspace, this creates a real risk of unintended code exfiltration, over-collection of proprietary material, and generation of misleading trust signals when confidence/success metadata are fabricated rather than evidence-based.

Intent-Code Divergence

High
Confidence: 98%
Finding: The generator emits claims such as "validated," "tested in production," and repeated successful use without performing any corresponding verification. This creates deceptive provenance metadata that downstream systems or users may trust when deciding whether to run or distribute generated bundles, enabling unsafe or low-quality code to be treated as vetted.

Description-Behavior Mismatch

Medium
Confidence: 79%
Finding: The tool advertises bundles from "REAL skills with actual code" but only embeds a truncated excerpt of index.js. This misrepresentation can cause consumers to believe they received a complete implementation when they did not, undermining integrity and potentially hiding important logic, licensing terms, or dangerous behavior outside the excerpt.

Intent-Code Divergence

High
Confidence: 99%
Finding: The validator accepts bundles based on confidence and success metrics that the same generator hardcodes, so the validation result is circular and meaningless. This allows fabricated bundles to pass as "high-quality" and may lead automated pipelines to trust or publish unverified content.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill scans other workspace skills, reads SKILL.md and index.js, and exports portions of that data into bundle files without explicit disclosure, consent, filtering, or access controls. In a multi-skill workspace this can leak proprietary code, sensitive prompts, or internal metadata into generated artifacts that may later be shared externally.

VirusTotal

59/59 vendors flagged this skill as clean.
