ClawHub

Capability Evolver Pro.Bak

Security checks across malware telemetry and agentic risk

Overview

The code appears to be a local log-analysis skill, but its package metadata asks for unrelated high-impact capabilities and the package identity is inconsistent enough to require review before install.

Install only if you need deliberate local analysis of provided runtime logs. Redact secrets before submitting logs, constrain invocation to explicit log-analysis requests, review recommendations before applying them, verify the exact publisher/slug/version, and do not grant purchase, crypto, or credential permissions unless the publisher clearly explains why they are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description and quick-use framing use broad troubleshooting and improvement language that can match many ordinary agent tasks, increasing the chance the skill is auto-invoked outside a narrowly intended log-analysis context. Because this is a meta-skill for agent self-improvement, overbroad routing can cause unnecessary access to runtime logs and influence operational decisions across many workflows.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The "When to Use" section lists generic phrases like 'what's failing' and 'improve my agent' without constraints, which can trigger the skill for broad diagnostic or planning requests unrelated to structured log analysis. In an agentic environment, that ambiguity increases prompt/skill selection risk and may cause this skill to intercept sensitive operational contexts or steer behavior more often than intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal