Mev Engine

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a workflow framework, but it under-discloses a bundled script that can upload local text files to an external IMA knowledge base using credentials.

Review before installing. Only use this skill if you want MEV workflow guidance plus IMA delivery behavior. Keep IMA credentials unset unless needed, require explicit confirmation before any upload or push, and verify exactly which file and knowledge-base ID will be used. The evidence supports Review, not malicious intent, because the upload requires a command path and credentials and there is no automatic hidden exfiltration or destructive action in the inspected artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill metadata advertises MEV Engine v8.0 as OpenClaw-native with zero custom scripting, but the README describes v7.0 and states a Python requirement. This inconsistency can mislead users and reviewers about the actual execution model and dependency surface, causing them to underestimate operational or security risks during installation and use.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill metadata claims 'zero custom scripts' and OpenClaw-native operation, but the content instructs the agent to execute local Node.js scripts. This mismatch can mislead reviewers and users about the skill's real capabilities, increasing the chance that arbitrary local code execution is accepted without appropriate scrutiny or consent.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The file presents itself as abstract design guidance, yet it includes concrete outbound actions such as uploading via a script and cron-based delivery. Embedding operational exfiltration or delivery steps inside a supposedly conceptual framework can cause agents to perform external writes or transmissions that users did not expect.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill directs shell-style execution of local Node.js scripts even though its stated purpose is a framework/guidance document. Unnecessary command execution expands the attack surface because any referenced script may perform filesystem, network, or environment actions beyond what the user expects from a planning framework.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The prescribed upload and cron delivery behaviors introduce outbound communication and persistence-like scheduling expectations that are not justified by the manifest description. In agent contexts, hidden or under-disclosed external transmission paths are dangerous because they can enable data leakage or unauthorized notifications.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script can upload arbitrary user-specified local .md/.txt content to an external knowledge base using ambient API credentials, which creates a real exfiltration primitive. In the context of a MEV-engine skill, this capability is not obviously necessary, so the context makes it more suspicious because it broadens access from local files to remote transfer without tight scope restrictions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code transmits full local file contents to a remote API but provides no explicit runtime notice, consent prompt, or privacy warning about external data transfer. This is dangerous because users may treat the script as a local utility while unknowingly sending potentially sensitive notes, reports, or memory files to a remote knowledge base.

VirusTotal

65/65 vendors flagged this skill as clean.
