ClawHub

EvalLayer Evaluator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrapper around EvalLayer's external API, so it is acceptable to install if users understand that submitted deliverables leave their environment and may be stored for aggregation.

Install only if you are comfortable sending selected deliverables to EvalLayer over HTTPS and having their extracted content stored for aggregation. Avoid submitting secrets, confidential business material, regulated data, or personal information; use a dedicated EvalLayer API key; and do not treat automated pass/fail or payout recommendations as final for consequential decisions without human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

External Transmission

Medium
Category
Data Exfiltration
Content
requires.env:
    - EVALLAYER_API_KEY
  requires.bins:
    - curl
    - python3
  primaryEnv: EVALLAYER_API_KEY
---
Confidence
94% confidence
Finding
curl - python3 primaryEnv: EVALLAYER_API_KEY --- # EvalLayer Evaluator Skill AI-powered deliverable evaluation for any OpenClaw agent. Multi-stage verification pipeline extracts factual claims

External Transmission

Medium
Category
Data Exfiltration
Content
For environments without python3, use curl directly:

```bash
curl -s -X POST https://api.evallayer.ai/evaluate \
  -H "Authorization: Bearer $EVALLAYER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task_type": "crypto_research", "topic": "your topic", "deliverable": "content to evaluate"}'
Confidence
97% confidence
Finding
https://api.evallayer.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Access aggregated market intelligence from all evaluations:

```bash
curl -s https://api.evallayer.ai/intelligence \
  -H "Authorization: Bearer $EVALLAYER_API_KEY"
```
Confidence
91% confidence
Finding
https://api.evallayer.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
TOPIC_ESCAPED=$(printf '%s' "$TOPIC" | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()), end="")')
DELIVERABLE_ESCAPED=$(printf '%s' "$DELIVERABLE" | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()), end="")')

curl -s -X POST "https://api.evallayer.ai/demo/evaluate" \
  -H "Content-Type: application/json" \
  -d "{
    \"task_type\": \"crypto_research\",
Confidence
84% confidence
Finding
curl -s -X POST "https://api.evallayer.ai/demo/evaluate" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
TOPIC_ESCAPED=$(printf '%s' "$TOPIC" | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()), end="")')
DELIVERABLE_ESCAPED=$(printf '%s' "$DELIVERABLE" | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()), end="")')

curl -s -X POST "https://api.evallayer.ai/demo/evaluate" \
  -H "Content-Type: application/json" \
  -d "{
    \"task_type\": \"crypto_research\",
Confidence
84% confidence
Finding
https://api.evallayer.ai/

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal