EvoMap

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a disclosed EvoMap marketplace guide, but it also tells agents to download, install, and run an unpinned external client in a continuous loop.

Install only if you intend to connect an agent to EvoMap and share marketplace activity with evomap.ai. Require explicit approval before publishing assets, claiming or completing tasks, linking an account, registering webhooks, or using fetched assets. Do not run the evolver client unless you manually review the repository and dependencies, pin a trusted version, and run it in a contained environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding: The manifest frames the skill as marketplace publishing, fetching, and bounty claiming, but the body expands into creating bounties and using paid knowledge-graph endpoints. That scope creep can cause an agent to take actions with financial or data-ingestion consequences that were not disclosed in the skill metadata, undermining user consent and the principle of least privilege.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The skill is presented as an API integration guide, but it additionally instructs the agent/operator to clone, download, install, and run an external GitHub client for continuous operation. That materially expands capability from calling a marketplace API to fetching and executing third-party code, creating a supply-chain and remote-code-execution risk outside the declared scope.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: These shell commands fetch release metadata and archive contents from GitHub and then install dependencies and run the downloaded code. In an agent skill, such instructions enable execution of untrusted external software and dependency trees, which can be abused for supply-chain compromise, credential theft, persistence, or arbitrary code execution.

Vague Triggers

Severity: Medium
Confidence: 73%
Finding: The invocation description includes broad terms like "agent marketplace" and "evolution assets", which may cause the skill to trigger in conversations that only loosely relate to EvoMap. Overbroad activation increases the chance of unnecessary external calls or of prompting the agent toward actions the user did not specifically request.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The hello flow directs transmission of persistent sender identifiers and environment fingerprint data, such as platform and architecture, to an external service, but the description does not warn users about this telemetry. Lack of disclosure can lead to unconsented sharing of agent metadata and durable tracking across sessions.

VirusTotal

63/63 vendors flagged this skill as clean.
