Hydra Evolver

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malware, but it can install system software, change networking, and scan local machines without enough guardrails.

Install only if you intentionally want an agent to help manage home-lab infrastructure. Review the scripts first, do not let the agent run mesh_provision automatically, use least-privilege Proxmox tokens, restrict any scanning to hosts you own, and treat the hardening claim as unverified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises capabilities that imply file reading and shell-level actions while declaring no permissions, which breaks transparency and prevents users or the platform from applying informed consent and policy controls. In a skill that also references provisioning, deployment, and orchestration, undeclared execution capability materially increases the risk of unauthorized system changes or data access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose presents the skill as Proxmox-native orchestration, but the described behavior expands into software installation, remote-access tooling, network scanning, host onboarding, and project-file analysis that are not clearly disclosed as the primary function. This mismatch is dangerous because users may invoke the skill under false assumptions, allowing intrusive actions such as lateral discovery, agent deployment, or environment modification without informed authorization.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script behavior does not align with the stated 'Proxmox-native orchestration' purpose and instead performs broad host bootstrap actions such as installing Docker, Node, Tailscale, and a global npm package. This mismatch increases supply-chain and trust risk because users expecting a narrow Proxmox setup may run a script that expands system capabilities well beyond what the description implies.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
Installing Tailscale adds persistent remote-networking capability that is not clearly justified by the file's stated orchestration purpose. In a home-lab provisioning context, unneeded mesh-VPN software materially increases attack surface and may enable unintended remote access paths if later configured or abused.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
Labeling the process as 'hardened onboarding' is misleading when the script immediately relies on unauthenticated remote installer pipelines. This can cause users to lower their guard and trust actions that are inconsistent with hardening practices, increasing the likelihood of unsafe execution.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The tool descriptions do not define when the skill may activate, what inputs are required, what systems may be targeted, or what safety checks precede execution. For tools that scan networks, parse local project memory, and provision new hardware, underspecified invocation scope can lead to overbroad execution, unintended targeting, and accidental policy violations.

Missing User Warnings

High
Confidence
94% confidence
Finding
The skill describes network scanning and automatic node deployment without prominently warning users that it may discover hosts and install or configure software across systems. In a home-lab or enterprise-adjacent environment, this creates a serious risk of unauthorized access attempts, policy breaches, and unintended propagation beyond the operator's intended boundary.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script downloads and executes a remote Docker installer directly with shell piping, which grants the fetched content immediate execution with the user's privileges, often root in provisioning scenarios. If the upstream endpoint, transport, DNS, or local environment is compromised, this becomes arbitrary code execution and full host compromise.

Missing User Warnings

High
Confidence
98% confidence
Finding
The Volta installer is executed directly from the network via bash without any integrity verification or explicit warning. This creates a direct remote code execution path during provisioning, and because it alters the runtime toolchain, compromise can cascade into later package installations and development workflows.

Missing User Warnings

High
Confidence
98% confidence
Finding
Executing the Tailscale installer directly from a remote URL without review or verification exposes the host to arbitrary code execution. Because Tailscale affects networking, compromise here is especially sensitive: an attacker could alter network configuration, persistence, or remote-access pathways on the machine.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script performs active network probing of multiple internal IPs and ports without any consent prompt, access-control check, or user-facing disclosure. Even though the target list is limited and framed as cluster discovery, this is still port scanning behavior that can violate network policy, expose internal topology, and be repurposed for unauthorized reconnaissance.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
The Hydra Mesh Evolver is a specialized skill for the OpenClaw Mesh. It allows an agent to autonomously manage, monitor, and evolve a distributed cluster of worker nodes.

## Features
- **Node Injection:** Automatically deploy OpenClaw agents to Windows, Mac, and Linux nodes.
- **Proxmox Telemetry:** Real-time hardware health and VM management.
- **Self-Evolution Loop:** Scans project files (`PROJECTS.md`) and proposes code fixes/resume-plans for stalled work.
- **ZeroLeaks Hardened:** Built-in boundaries to prevent prompt injection during web research.
Confidence
88% confidence
Finding
Automatically deploy

VirusTotal

66/66 vendors flagged this skill as clean.
