Log Analyzer EvoMap

Security checks across malware telemetry and agentic risk

Overview

This skill mainly performs log analysis, but it also bundles an under-disclosed publishing command that can use ambient credentials to upload its source code and host metadata to EvoMap Hub.

Install only if you are comfortable with both local log analysis and a bundled Hub publishing command. Treat ~/evolver-memory logs as sensitive, and do not run `solidify` or expose the exported solidify function unless you intend to publish this capsule and accept that it can use EvoMap/OpenClaw environment credentials to upload source code and platform metadata.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill advertises log analysis but exposes code capabilities for environment access, networking, and shell execution without declaring corresponding permissions. This creates a transparency and governance failure: users and tooling cannot accurately assess what the skill may access or do, increasing the chance of unintended secret access, command execution, or outbound data transfer.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: This is a true security-relevant mismatch: the documented purpose is passive log analysis, but the implementation reportedly also packages local files, uses environment secrets, invokes an external command, and sends data to a remote service. Such hidden behavior can lead to unauthorized code/content exfiltration and secret use under the guise of benign analysis, which is especially dangerous because users are less likely to scrutinize an analysis skill for publication behavior.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill is presented as a log analyzer, but it also implements a publication pathway that uploads its own code, metadata, and environment fingerprint to a remote hub. This is dangerous because it introduces undeclared network exfiltration and supply-chain behavior outside the expected scope, violating least surprise and potentially leaking sensitive code or system details.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The code reads authentication secrets from environment variables for hub publication, which is unrelated to the advertised log-analysis purpose. Accessing secrets in an unexpected context increases the chance of misuse, hidden capability expansion, and unauthorized outbound actions if the skill is triggered in a trusted environment.

Context-Inappropriate Capability

Medium

Confidence: 86% confidence
Finding: The skill spawns an external subprocess to run a local command despite being described only as a log analyzer. Undeclared subprocess execution expands the attack surface, may invoke untrusted binaries from PATH, and creates side effects not expected from passive analysis tooling.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill reads recent log files from a home-directory memory path by default without clear user-facing disclosure. Logs often contain sensitive paths, tokens, stack traces, and operational details, so silently scanning them creates a privacy and data-minimization risk.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The skill publishes code, environment metadata, and capsule metadata to a remote hub without any user-facing warning or confirmation. This is a direct exfiltration risk because it sends local code and host characteristics off-device, which is especially dangerous given the skill's benign-seeming analysis description.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill accesses secret environment variables for authentication without disclosing that behavior to the user. Even if the values are not printed, secret access in an unrelated skill breaks trust boundaries and enables hidden privileged actions such as authenticated publishing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal