Robot Evolve

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can modify and retain workspace memory and session content with weak safety boundaries.

Install only if you are comfortable with a skill that can modify workspace memory, move old temp files, scan installed skills, write evolution logs, and persist selected session-state content locally. Keep backups of MEMORY.md, do not rely on --dry-run as a safe preview, and avoid using it in workspaces containing secrets or sensitive session notes unless you first review and constrain the scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The script documents a `--dry-run` mode, but the flag is only printed and never propagated to the mutating functions. As a result, operators may invoke it expecting a safe preview while it still rewrites `MEMORY.md`, moves files into `.trash`, and writes audit logs, creating a deceptive safety boundary that can cause unintended changes.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill explicitly authorizes autonomous file-affecting actions such as creating required files, compressing MEMORY.md, and moving old temp files to .trash, but it does not require a clear per-action confirmation before modifying user workspace content. In an agent setting, even 'low-risk' maintenance can alter or discard user-relevant state, so insufficient upfront warning and consent can lead to unintended data changes or erosion of user trust.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The compression routine unconditionally opens `MEMORY.md` for write and replaces its contents once a size threshold is crossed, without user confirmation, backup, or atomic safety controls. In a memory or agent-workspace context, this can destroy historical context, corrupt state, or irreversibly discard information if the simplistic summarization logic is wrong.
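The two file-handling findings above (the `--dry-run` flag that never reaches the mutating code, and the compression routine that overwrites `MEMORY.md` in place with no backup) are fixed by the same small discipline. The following is an added example, not the skill's own script: the threshold, the file layout and the stand-in `summarize()` are assumptions, and the sample `MEMORY.md` content is constructed. It shows `dry_run` threaded into the function that writes, a timestamped backup taken first, and a write-to-temp-then-rename so a crash mid-write cannot truncate the file.

```python
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumed threshold for this example; the page does not state the skill's real value.
COMPRESS_THRESHOLD_BYTES = 200

# Constructed sample MEMORY.md content (roughly 390 bytes, so it crosses the threshold).
SAMPLE_MEMORY = "".join(f"- {i}: note about project state number {i}\n" for i in range(1, 11))


def summarize(text: str, keep_lines: int = 2) -> str:
    """Stand-in for the skill's summarization: keep only the last N lines.
    Constructed for this example; the page does not show the real logic."""
    lines = text.splitlines()
    if len(lines) <= keep_lines:
        return text
    dropped = len(lines) - keep_lines
    return f"<!-- {dropped} earlier lines compressed -->\n" + "\n".join(lines[-keep_lines:]) + "\n"


def compress_memory(memory_path: Path, dry_run: bool) -> dict:
    """Compress MEMORY.md once it exceeds COMPRESS_THRESHOLD_BYTES.

    dry_run is honoured inside the mutating function rather than only printed;
    a timestamped backup is copied before any write; and the new content goes to
    a temp file in the same directory that is renamed over the original.
    """
    original = memory_path.read_text(encoding="utf-8")
    if len(original.encode("utf-8")) <= COMPRESS_THRESHOLD_BYTES:
        return {"action": "none", "changed": False, "backup": None}

    new_text = summarize(original)
    if dry_run:
        # Report what would happen and touch nothing on disk.
        return {"action": "would_compress", "changed": False, "backup": None,
                "before_bytes": len(original.encode("utf-8")),
                "after_bytes": len(new_text.encode("utf-8"))}

    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    backup = memory_path.with_name(f"{memory_path.name}.{stamp}.bak")
    shutil.copy2(memory_path, backup)

    fd, tmp_name = tempfile.mkstemp(dir=memory_path.parent, prefix=".memory-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(new_text)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp_name, memory_path)  # atomic rename; old content survives any failure before this
    finally:
        if os.path.exists(tmp_name):
            os.unlink(tmp_name)
    return {"action": "compressed", "changed": True, "backup": str(backup)}


def run_demo() -> dict:
    """Exercise both modes on a scratch directory and report what happened."""
    workdir = Path(tempfile.mkdtemp(prefix="robot-evolve-demo-"))
    try:
        memory = workdir / "MEMORY.md"
        memory.write_text(SAMPLE_MEMORY, encoding="utf-8")

        preview = compress_memory(memory, dry_run=True)
        untouched = memory.read_text(encoding="utf-8") == SAMPLE_MEMORY

        result = compress_memory(memory, dry_run=False)
        backup_text = Path(result["backup"]).read_text(encoding="utf-8")
        after = memory.read_text(encoding="utf-8")
        return {
            "dry_run_action": preview["action"],
            "dry_run_untouched": untouched,
            "real_action": result["action"],
            "backup_matches_original": backup_text == SAMPLE_MEMORY,
            "after_line_count": len(after.splitlines()),
            "after_text": after,
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The point of `run_demo()` is the first two fields: a dry run must leave the file byte-identical, and that property is what an operator should verify before trusting a preview mode in any skill that rewrites workspace state.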

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The script persists extracted conversation content from SESSION-STATE.md into both ChromaDB and markdown files automatically, without any consent, warning, minimization, or filtering for secrets and sensitive data. In an agent/skill context, session state often contains user prompts, operational details, tokens, or private project information, so silent long-term retention increases confidentiality and privacy risk.
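As an added example of the minimization and filtering this finding says are absent (not code from the skill), the block below persists only allowlisted sections of a session-state file and redacts common secret shapes from what remains, returning a count of redactions so the operator can review before anything reaches ChromaDB or a markdown log. The section names, the regex set and the sample SESSION-STATE.md are constructed for illustration; the patterns are not exhaustive.

```python
import re

# Constructed SESSION-STATE.md with secrets deliberately planted in it (all values are fake).
SAMPLE_SESSION_STATE = """# SESSION-STATE
## Decisions
- Switched the vector store to ChromaDB.
- Deploy uses AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE for the staging bucket.
## Scratch
- export GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
- password: hunter2hunter2
## Open Tasks
- Rotate the staging credentials; api_key = sk-live-0123456789abcdef was pasted into chat.
"""

# Minimization: only these sections are ever persisted (assumed section names).
PERSIST_SECTIONS = {"Decisions", "Open Tasks"}

# Illustrative secret shapes, ordered so specific formats are caught before the generic one.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("private_key_block", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("bearer_token", re.compile(r"\bbearer\s+[A-Za-z0-9._\-]{16,}", re.I)),
    ("assignment", re.compile(
        r"\b(?P<key>api[_-]?key|secret|password|passwd|token)\b\s*[:=]\s*['\"]?(?P<val>[^\s'\"]{8,})", re.I)),
]


def redact(text: str):
    """Replace matches with a labelled placeholder; keep the key name for key=value forms."""
    counts = {}
    for name, pattern in SECRET_PATTERNS:
        def repl(m, name=name):
            counts[name] = counts.get(name, 0) + 1
            key = m.groupdict().get("key")
            return f"{key}=[REDACTED:{name}]" if key else f"[REDACTED:{name}]"
        text = pattern.sub(repl, text)
    return text, counts


def minimize_sections(text: str):
    """Keep only '## ' sections in PERSIST_SECTIONS; the preamble and other sections are dropped."""
    kept, dropped, keep = [], [], False
    for line in text.splitlines():
        if line.startswith("## "):
            section = line[3:].strip()
            keep = section in PERSIST_SECTIONS
            if not keep:
                dropped.append(section)
        if keep:
            kept.append(line)
    return "\n".join(kept) + "\n", dropped


def prepare_for_persistence(session_state: str) -> dict:
    """Minimize first, then redact, and flag the result for human review if anything was redacted."""
    minimized, dropped = minimize_sections(session_state)
    redacted, counts = redact(minimized)
    return {"text": redacted, "dropped_sections": dropped,
            "redactions": counts, "needs_review": bool(counts)}


if __name__ == "__main__":
    out = prepare_for_persistence(SAMPLE_SESSION_STATE)
    print(out["text"])
    print("dropped:", out["dropped_sections"], "redactions:", out["redactions"])
```

Redaction runs after minimization on purpose: a secret in a dropped section never needs to be recognised, and what the filter misses in an allowlisted section is at least confined to content the user chose to keep. The `needs_review` flag is where a consent prompt would hook in.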

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The feature list indicates a manual trigger mode using a natural-language phrase such as “执行进化” (“execute evolution”), but the metadata does not define strong confirmation boundaries, authorization checks, or anti-spoofing constraints. In an agent context, vague natural-language activation for an operation associated with evolution, cleanup, scanning, and memory changes can lead to unintended invocation through prompt injection, quoted text, or conversational ambiguity.
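One way to put a boundary around such a trigger, written here as an added example rather than anything the skill ships: the phrase only counts when it is the entire user turn (so a quoted mention or an injected sentence that merely contains it does not fire), non-user roles are ignored, and the action stays pending until the next user turn is an exact confirmation. The confirmation wording and the English alias are assumptions.

```python
import unicodedata

# "执行进化" means "execute evolution"; the English alias is an assumption for this example.
TRIGGER_PHRASES = {"执行进化", "run evolution"}
CONFIRM_PHRASE = "confirm evolve"  # assumed confirmation wording


def normalize(text: str) -> str:
    # NFKC folds full-width and compatibility characters so lookalike spellings compare equal.
    return unicodedata.normalize("NFKC", text).strip().casefold()


class EvolveTrigger:
    """Two-step gate: an exact, whole-message trigger creates a pending request;
    only an exact confirmation in the following user turn releases it."""

    def __init__(self):
        self.pending = False

    def offer(self, message: str, role: str = "user"):
        self.pending = False  # any new message cancels an earlier pending request
        if role != "user":
            return False, "only user turns may trigger"
        body = normalize(message)
        if "\n" in body or "```" in body:
            return False, "multi-line or fenced content is treated as pasted text"
        if body not in TRIGGER_PHRASES:
            # Covers quoted mentions and injected instructions that merely contain the phrase.
            return False, "message is not exactly a trigger phrase"
        self.pending = True
        return True, f"awaiting confirmation: reply '{CONFIRM_PHRASE}'"

    def confirm(self, reply: str, role: str = "user") -> bool:
        ok = self.pending and role == "user" and normalize(reply) == CONFIRM_PHRASE
        self.pending = False  # one attempt only, whether or not it matched
        return ok


if __name__ == "__main__":
    gate = EvolveTrigger()
    print(gate.offer('The README says "执行进化" runs cleanup'))  # (False, ...)
    print(gate.offer("执行进化"))                               # (True, ...)
    print(gate.confirm("confirm evolve"))                      # True
```

Substring matching is what makes the original trigger spoofable; insisting on an exact whole-turn match plus a separate confirmation turn means neither a pasted document nor an injected instruction can complete the sequence on its own.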

VirusTotal

VirusTotal findings are pending for this skill version.
