Skill v0.1.1
ClawScan security
Evonet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 8:23 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill implements a client that reads local experience files and syncs them to an external server (evonet.live), which matches its stated purpose, but there are important inconsistencies and privacy risks: undeclared config paths, a weak anonymization routine, and a claimed 'verification' step that is not implemented.
- Guidance: This skill reads ~/.live-evo/experience_db.jsonl and ~/.evonet/identity.json (creating ~/.evonet on register) and sends extracted fields to https://evonet.live. The README promises anonymization and verification, but the code's anonymizer is a simple regex pass and no real 'contrastive test' verification is implemented. The main blockers are the undeclared config paths and the overpromised privacy guarantees; these make the skill suspicious rather than benign. Before installing or using this skill:
  - (1) Inspect the contents of ~/.live-evo/experience_db.jsonl and remove any secrets or sensitive entries.
  - (2) Test push/push-all with dummy data to see exactly what is transmitted, or run the client while monitoring its network traffic.
  - (3) Consider running the client in a sandbox or VM.
  - (4) Ask the publisher for proof of the verification process and for the server's privacy/security policies (no homepage is listed).
  - (5) If you cannot confirm who operates the server, do not upload real or secret data.
Review Dimensions
- Purpose & Capability (note): The script's functionality (register, push/push-all, seek, post/reply) matches the EvolutionNet description: it registers an agent, reads a local experience DB, and calls a remote API at https://evonet.live. However, the registry metadata declares no required config paths or credentials, while the code explicitly reads and writes files in the user's home directory (~/.evonet/identity.json and ~/.live-evo/experience_db.jsonl). That mismatch between declared metadata and actual file access is worth flagging.
- Instruction Scope (concern): SKILL.md promises anonymization and verification (for example 'Contrastive Test passed' and filtering of API keys and local paths). The code provides only a simple sanitize() built from a few regexes (an IP pattern, simple UNIX/Windows path patterns, two key patterns) and implements no local 'verification' step at all: it reads the experience record and sends selected fields to the remote API. The instructions therefore overstate the privacy and safety guarantees while granting the agent a network-capable tool that transmits local data to an external site. SKILL.md also does not name the local paths the script reads; only the code does.
- Install Mechanism (ok): There is no install specification (this is an instruction-only skill with an included Python script), so nothing is downloaded at install time. The runtime client ships in the skill bundle and runs locally when invoked. The script creates ~/.evonet on register and reads ~/.live-evo/experience_db.jsonl; these reads and writes are limited in scope.
- Credentials (concern): No environment variables or credentials are declared or required, which superficially sounds safe. But the script reads specific user-home files that the registry metadata does not declare. Additionally, sanitize() is narrowly scoped and may miss many forms of secrets or sensitive data in experiences (other token formats, embedded credentials, filenames with unexpected structure); anything the regexes miss is sent as-is. Sending sanitized content to a third-party server without stronger guarantees is disproportionate unless the user confirms that the local experience DB contains only non-sensitive data.
- Persistence & Privilege (ok): The skill does not request permanent 'always: true' inclusion and does not modify other skills or system-wide settings. The only persistent change is a per-user config file created under ~/.evonet on registration, an expected and limited form of persistence.
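A worked check for step (1) of the guidance and for the Instruction Scope and Credentials concerns: the Python below is an added example written for this review, not code from the Evonet skill or from ClawHub's scanner. It does not reproduce the skill's real sanitize(); narrow_sanitize() is a hypothetical stand-in for the kind of short regex list the review describes (an IP pattern, simple UNIX/Windows path patterns, two key patterns), and its exact patterns, the broader detector set, the entropy threshold, and the sample records with their field names are all assumptions. It runs the narrow sanitizer over every string in a JSONL experience DB and then reports anything that still looks like a secret, which is what a user wants to know before push/push-all transmits it; audit_file() points the same logic at the real ~/.live-evo/experience_db.jsonl.

```python
"""Audit a JSONL experience DB for secrets that a narrow sanitizer would let through.

Added example for this review; not code from the Evonet skill or ClawHub's scanner.
narrow_sanitize() is a hypothetical reconstruction of the regex list the review
describes; the patterns, detectors, threshold and sample records are assumptions.
"""
import json
import math
import os
import re
from collections import Counter

# Hypothetical narrow sanitizer: the shape the review describes, not the skill's code.
NARROW_PATTERNS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"/(?:home|Users)/\S+"), "<path>"),   # UNIX home paths only
    (re.compile(r"[A-Za-z]:\\\S+"), "<path>"),         # Windows drive paths
    (re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"), "<key>"),  # one vendor key prefix
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "<key>"),     # AWS access key id
]

def narrow_sanitize(text: str) -> str:
    for pattern, replacement in NARROW_PATTERNS:
        text = pattern.sub(replacement, text)
    return text

# Broader detectors a reviewer would run over whatever narrow_sanitize() leaves behind.
BROAD_PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}"),
    "url_credentials": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@"),
    "env_assignment": re.compile(
        r"(?i)\b[A-Z0-9_]*(?:secret|password|token|api_key)[A-Z0-9_]*\s*[=:]\s*\S{8,}"),
    "tilde_path": re.compile(r"(?<!\w)~/\S+"),  # ~/... is not a /home or C:\ path
}
HIGH_ENTROPY_TOKEN = re.compile(r"\b[A-Za-z0-9+/=_-]{32,}\b")
ENTROPY_THRESHOLD = 4.0  # bits per character; an assumption, tune on real data

def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def find_secrets(text: str) -> list:
    """Return (kind, matched_text) pairs for anything in text that looks like a secret."""
    hits = [(kind, m.group(0)) for kind, pat in BROAD_PATTERNS.items() for m in pat.finditer(text)]
    for m in HIGH_ENTROPY_TOKEN.finditer(text):
        token = m.group(0)
        if shannon_entropy(token) >= ENTROPY_THRESHOLD and not any(token in h for _, h in hits):
            hits.append(("high_entropy", token))
    return hits

def iter_strings(value, path=""):
    """Yield (json_path, string) for every string nested anywhere in a record."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for k, v in value.items():
            yield from iter_strings(v, f"{path}.{k}" if path else k)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from iter_strings(v, f"{path}[{i}]")

def audit_experience_db(lines) -> list:
    """Return (line_no, field, kind) for every secret that survives narrow_sanitize()."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        if not raw.strip():
            continue
        for field, text in iter_strings(json.loads(raw)):
            for kind, _ in find_secrets(narrow_sanitize(text)):
                findings.append((line_no, field, kind))
    return findings

def audit_file(path="~/.live-evo/experience_db.jsonl") -> list:
    """Audit the real DB the skill reads (path taken from the review, file not bundled here)."""
    with open(os.path.expanduser(path), encoding="utf-8") as fh:
        return audit_experience_db(fh)

# Constructed sample DB; field names and contents are invented, not the skill's schema.
SAMPLE_RECORDS = [
    {"summary": "Fixed deploy by setting AWS key AKIAIOSFODNN7EXAMPLE in config"},
    {"summary": "Retry against 10.0.0.5 on 429 with exponential backoff", "lesson": "Cap retries at 5"},
    {"summary": "Pushed fix with token ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij after auth failed"},
    {"summary": "Logged in via https://alice:hunter2pass@git.internal.example/repo",
     "context": {"cwd": "~/projects/acme/.env"}},
    {"summary": "Debugged JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0."
                "dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U at /home/alice/app"},
    {"summary": "Set OPENAI_API_KEY=sk-abcdefghijklmnopqrstuvwxyz123456 in the shell"},
    {"summary": "Rotated the database credential: DB_PASSWORD=correct-horse-battery-staple-99"},
    {"context": {"notes": ["copied C:\\Users\\alice\\.ssh\\id_rsa, starts with -----BEGIN OPENSSH PRIVATE KEY-----"]}},
]
SAMPLE_JSONL = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)

if __name__ == "__main__":
    for line_no, field, kind in audit_experience_db(SAMPLE_JSONL.splitlines()):
        print(f"line {line_no} field {field}: {kind} survives the narrow sanitizer")
```

Run as a script, the constructed sample shows the gap the review points at: the AWS key id, the sk- key, the IPv4 address and the /home and C:\ paths are scrubbed, while the GitHub token, the JWT, the credentials embedded in a URL, the ~/ path, the DB_PASSWORD assignment and the private-key header all pass through untouched. The same detector set is also a reasonable check for step (2) of the guidance: whatever the client puts on the wire during a dummy push should contain none of these.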
