Security audit

EvoClone

Security checks across malware telemetry and agentic risk

Overview

EvoClone is an agent-cloning skill whose behavior is documented, but it gives agents high-impact capabilities (exporting memory, spawning workers, hard-resetting repositories, and overwriting workspace state) without adequate safeguards around any of them.

Install it only if you intentionally want experimental agent cloning and swarm behavior. Before using it, back up the workspace, inspect and redact any generated seed ZIP, do not share exported memory without reviewing it, and require explicit user approval before rollback, cleanup, survival mode, external helper scripts, or worker actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 94%

Finding
The skill labels the rollback flow a 'Safety Reset' while instructing a hard git reset and a possible cleanup of untracked files, both destructive operations that can permanently discard work. The misleading safety framing increases the chance that an agent or user invokes it without understanding that files, logs, or local changes will be lost.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding
The README documents a rollback flow that performs `git reset --hard <hash>`, which irreversibly discards uncommitted changes to tracked files in the current workspace. Even though this is documentation rather than executable code, it normalizes a destructive operation without a prominent warning, a confirmation requirement, or a safer alternative (such as `git stash` or a backup branch), increasing the chance that an agent or user follows it in an unsafe context.

Vague Triggers

Severity: Medium
Confidence: 81%

Finding
The trigger phrases are broad and conversational, such as 'Rollback to cycle <id>', and could be matched unintentionally during ordinary discussion or planning. In an agent skill, ambiguous activation language is risky because it can cause privileged actions to run without sufficiently deliberate user intent.

Missing User Warnings

Severity: High
Confidence: 96%

Finding
The rollback section documents destructive behavior, including the hard reset and the cleanup of untracked files, but provides no user-facing warning about data loss, the scope of impact, or the limits of recovery. For an agent skill that may be invoked through natural-language commands, the missing warning materially increases the chance of accidental repository destruction.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The EvoSeed packaging flow explicitly includes memory/history artifacts such as `memory/EVOLUTION_INDEX.md` and distributes them to other agents, but it does not warn that secrets, personal data, internal logs, or proprietary context may be embedded there. Packaging agent memory for redistribution is a straightforward privacy and data-leak path if the contents are not reviewed and sanitized first.
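The review-before-sharing step this finding asks for can be automated. The following is an added example, not EvoClone's own code: it opens a seed ZIP, scans every text entry for common secret shapes (AWS access key IDs, GitHub and OpenAI-style tokens, PEM private keys, generic `key = value` credentials, e-mail addresses), writes a redacted copy, and reports anything it could not inspect. The sample seed it builds is constructed for the demonstration and contains no real credentials; the function names and the set of regexes are assumptions, not part of the skill.

```python
"""Scan an EvoSeed-style ZIP for secrets and produce a redacted copy.

Added example (not EvoClone's code). Assumes the seed is a plain ZIP whose
text entries, e.g. memory/EVOLUTION_INDEX.md, may embed credentials.
"""
import io
import re
import zipfile

# Documented public prefixes (AKIA..., ghp_..., sk-...) plus generic heuristics.
# Heuristic patterns will produce false positives; that is acceptable for a
# pre-share review, where a human decides what to keep.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"),
    "generic_credential": re.compile(
        r"(?i)\b(?:api[_-]?key|token|secret|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-./+]{12,})"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
TEXT_SUFFIXES = (".md", ".txt", ".json", ".yaml", ".yml", ".log", ".py", ".sh", ".env")


def _redact(name, pattern, text):
    """Replace every match with a marker; for key=value hits keep the key."""
    def repl(m):
        if m.lastindex:  # group 1 is the value; keep the "api_key = " prefix
            return m.group(0)[: m.start(1) - m.start(0)] + f"[REDACTED:{name}]"
        return f"[REDACTED:{name}]"
    return pattern.subn(repl, text)


def scan_and_redact(zip_bytes: bytes):
    """Return (redacted ZIP bytes, report).

    Text entries are scanned and rewritten; anything else is copied through
    unchanged and listed under 'uninspected' so a human reviews it by hand.
    """
    report = {"hits": {}, "uninspected": []}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zin, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            data = zin.read(info.filename)
            if info.is_dir():
                zout.writestr(info, data)
                continue
            text = None
            if info.filename.lower().endswith(TEXT_SUFFIXES):
                try:
                    text = data.decode("utf-8")
                except UnicodeDecodeError:
                    text = None
            if text is None:
                report["uninspected"].append(info.filename)
                zout.writestr(info, data)
                continue
            counts = {}
            for name, pattern in SECRET_PATTERNS.items():
                text, n = _redact(name, pattern, text)
                if n:
                    counts[name] = n
            if counts:
                report["hits"][info.filename] = counts
            zout.writestr(info.filename, text)
    return out.getvalue(), report


def read_entry(zip_bytes: bytes, name: str) -> str:
    """Helper for inspecting one text entry of a ZIP held in memory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(name).decode("utf-8")


def build_sample_seed() -> bytes:
    """Constructed sample seed with planted, non-functional 'secrets'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("memory/EVOLUTION_INDEX.md",
                    "# Evolution index\n"
                    "- cycle 12: tuned retriever, contact alice@example.com\n"
                    "- note: export used AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                    "- api_key = sk-test-0123456789abcdefghijklmnop\n")
        zf.writestr("workers/notes.txt", "nothing sensitive here\n")
        zf.writestr("assets/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    redacted, rep = scan_and_redact(build_sample_seed())
    print(rep)
    print(read_entry(redacted, "memory/EVOLUTION_INDEX.md"))
```

Run it on a real seed by replacing `build_sample_seed()` with the ZIP's bytes; treat the `uninspected` list as a to-do, not as clean, since binaries and non-UTF-8 files can carry the same data.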

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The skill describes destructive mutations of knowledge files and a rollback that recursively copies snapshot contents back into the workspace, but it neither requires explicit user confirmation nor warns about the overwrite and data-loss consequences. In an agent skill these steps can silently alter or replace important state and files, making accidental corruption or irreversible loss more likely, especially during a high-stress recovery workflow.
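The safeguards the rollback findings above ask for (a visible list of what will be lost, a backup of it, and an explicit confirmation before anything destructive runs) look like the following. This is an added example, not EvoClone's code, and it covers both rollback paths the audit describes: it parses `git status --porcelain` output to list what `git reset --hard` plus `git clean -fd` would discard, and it plans and applies a snapshot-to-workspace copy that refuses to overwrite anything unless the caller passes a fixed confirmation token, backing up every overwritten file first. The status output, workspace and snapshot it uses are constructed sample data; the function names and the token are assumptions.

```python
"""Guarded rollback: list, back up, and confirm before destroying work.

Added example (not EvoClone's code). Assumes `git status --porcelain` v1
output for the git path and two directory trees for the snapshot path.
"""
import filecmp
import shutil
import tempfile
from pathlib import Path

CONFIRM_TOKEN = "I UNDERSTAND THIS DISCARDS WORK"  # assumed; any agent must echo it verbatim

# Constructed sample output of `git status --porcelain` (not a real repo).
SAMPLE_STATUS = (
    " M src/agent.py\n"
    "M  memory/EVOLUTION_INDEX.md\n"
    "A  workers/new_worker.py\n"
    "R  old.md -> docs/new.md\n"
    "?? scratch/notes.txt\n"
    "!! .venv/\n"
)


def losses_from_git_status(porcelain: str, clean_untracked: bool) -> dict:
    """List what `reset --hard` (and optionally `clean -fd`) would discard.

    XY status codes: '??' untracked, '!!' ignored (untouched by clean
    without -x), anything else a tracked change the hard reset throws away.
    Quoted paths (special characters) are not handled here.
    """
    losses = {"tracked_changes": [], "untracked": []}
    for line in porcelain.splitlines():
        if len(line) < 4:
            continue
        xy, path = line[:2], line[3:]
        if " -> " in path:  # rename: report the new, uncommitted name
            path = path.split(" -> ", 1)[1]
        if xy == "??":
            if clean_untracked:
                losses["untracked"].append(path)
        elif xy != "!!":
            losses["tracked_changes"].append(path)
    return losses


def plan_snapshot_restore(snapshot: Path, workspace: Path) -> dict:
    """Classify each snapshot file as 'create', 'overwrite' or 'same'."""
    plan = {"create": [], "overwrite": [], "same": []}
    for src in sorted((p for p in snapshot.rglob("*") if p.is_file()), key=str):
        rel = src.relative_to(snapshot)
        dst = workspace / rel
        if not dst.exists():
            plan["create"].append(rel.as_posix())
        elif filecmp.cmp(src, dst, shallow=False):
            plan["same"].append(rel.as_posix())
        else:
            plan["overwrite"].append(rel.as_posix())
    return plan


def apply_snapshot_restore(snapshot: Path, workspace: Path, confirm: str):
    """Copy the snapshot in; refuse to overwrite without the token.

    Files about to be overwritten are copied to a backup directory outside
    the workspace first, so the restore itself cannot clobber the backup.
    Returns the backup path, or None if nothing was overwritten.
    """
    plan = plan_snapshot_restore(snapshot, workspace)
    if plan["overwrite"] and confirm != CONFIRM_TOKEN:
        raise PermissionError(
            f"restore would overwrite {len(plan['overwrite'])} file(s): "
            f"{plan['overwrite']}; pass CONFIRM_TOKEN to proceed")
    backup = None
    if plan["overwrite"]:
        backup = Path(tempfile.mkdtemp(prefix="rollback-backup-"))
        for rel in plan["overwrite"]:
            (backup / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(workspace / rel, backup / rel)
    for rel in plan["create"] + plan["overwrite"]:
        (workspace / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(snapshot / rel, workspace / rel)
    return backup


def build_demo(root: Path):
    """Constructed workspace (with a local edit) and snapshot (older state)."""
    ws, snap = root / "workspace", root / "snapshot"
    for d in (ws / "memory", snap / "memory", snap / "workers"):
        d.mkdir(parents=True)
    (ws / "memory/EVOLUTION_INDEX.md").write_text("cycle 13: local edits\n")
    (snap / "memory/EVOLUTION_INDEX.md").write_text("cycle 12: snapshot\n")
    (ws / "README.md").write_text("same\n")
    (snap / "README.md").write_text("same\n")
    (snap / "workers/w1.py").write_text("print('w1')\n")
    return ws, snap


def run_demo() -> dict:
    """Exercise both guards on the constructed data and return the outcomes."""
    root = Path(tempfile.mkdtemp(prefix="evoclone-demo-"))
    ws, snap = build_demo(root)
    plan = plan_snapshot_restore(snap, ws)
    try:
        apply_snapshot_restore(snap, ws, confirm="yes")  # a casual "yes" is not enough
        refused = False
    except PermissionError:
        refused = True
    backup = apply_snapshot_restore(snap, ws, confirm=CONFIRM_TOKEN)
    result = {
        "plan": plan,
        "refused_without_token": refused,
        "backup_kept_local_edits":
            (backup / "memory/EVOLUTION_INDEX.md").read_text() == "cycle 13: local edits\n",
        "workspace_after": (ws / "memory/EVOLUTION_INDEX.md").read_text(),
        "git_losses": losses_from_git_status(SAMPLE_STATUS, clean_untracked=True),
    }
    shutil.rmtree(root)
    shutil.rmtree(backup)
    return result


if __name__ == "__main__":
    print(run_demo())
```

For the git path, feed `subprocess.run(["git", "status", "--porcelain"], capture_output=True, text=True).stdout` into `losses_from_git_status` and show the result to the user before running the reset; a non-empty list with no confirmation token is a stop, not a warning.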

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean.

Note that an antivirus verdict covers the packaged files as malware signatures see them. It says nothing about the risks listed above, which arise from the skill's instructions (destructive git commands, unsanitized memory export, broad triggers) rather than from executable malware, so a clean VirusTotal result does not offset those findings.