Musk Evolution System (马斯克进化系统)

Security checks across malware telemetry and agentic risk

Overview

This skill is not clear malware, but it asks the agent to automatically find, install, or create other skills on a recurring schedule without clear approval controls.

Review carefully before installing. Use it only as a manual discovery assistant unless you add controls that require approval before every install or skill creation, inspect source and publisher, pin versions, and disable the daily evolution workflow by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The activation scope is extremely broad, covering generic skill management, system evolution, capability assessment, and skill search/install requests. Overbroad triggering can cause the skill to activate in situations the user did not intend, increasing the chance of unsolicited system-changing actions such as searching for or installing external skills.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises automatic installation after evaluation without any warning, confirmation, or trust-verification step. In the context of a skill that searches external sources like ClawHub/GitHub/SkillHub, this creates a clear supply-chain risk: unreviewed third-party skills could be fetched and installed, potentially introducing prompt injection, data exfiltration, or unsafe tool use.

Missing User Warnings

Medium
Confidence: 97%
Finding
The daily scheduled workflow describes autonomous install/create behavior as part of recurring execution, with no warning about persistence or system modification. Scheduled, unattended acquisition and activation of new skills materially increases risk because it reduces human oversight and can repeatedly pull in unsafe or compromised content over time.

VirusTotal

66/66 vendors flagged this skill as clean.
