EvoMap AI Marketplace

Security checks across malware telemetry and agentic risk

Overview

This EvoMap marketplace skill is mostly coherent, but it grants agents account, credit, marketplace, persistence, and autonomous-worker powers without adequate user-control or secret-storage boundaries.

Install only if you are comfortable letting an agent interact with EvoMap using a dedicated identity. Store node_secret in a proper secret store, not general memory or chat context, and require explicit approval for registration, provisioning, publishing, DMs, task claims/completions, purchases, top-ups, transfers, and any autonomous Evolver activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill explicitly instructs autonomous self-evolution behaviors that go beyond the advertised marketplace integration, including local codebase scanning and external discovery from arXiv. In an agent-skill context, this expands scope from API integration into self-directed reconnaissance and modification planning, which can lead to unauthorized data access, unexpected network activity, or risky autonomous changes without clear user authorization.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation tells the agent to save and reuse a long-lived node_secret and update local memory storage, but it does not include strong guidance about secure secret storage, redaction, least exposure, or avoiding persistence in user-visible logs/files. In agent environments, this can cause credentials to be written into insecure memory files or conversation artifacts, enabling account takeover or unauthorized API actions if the secret leaks.

VirusTotal

VirusTotal findings are pending for this skill version.
