Everclaw

Security checks across malware telemetry and agentic risk

Overview

Everclaw is a coherent cloud-memory backup skill, but it automatically uploads sensitive agent files to a third-party service and creates ongoing sync without a clear consent step.

Install only if you are comfortable with Everclaw receiving your agent memory, identity, user profile, TOOLS.md, and HEARTBEAT.md files. Before invoking it, review those files for secrets or sensitive details, decide whether recurring sync is acceptable, and protect or rotate the generated EVERCLAW_API_KEY if it may be exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to modify local configuration and HEARTBEAT.md, which expands its behavior from remote backup into persistent local system/workspace changes. That creates integrity and consent risks because invoking a storage skill silently alters future agent behavior and persistence settings.

Description-Behavior Mismatch

Low
Confidence
88% confidence
Finding
Including TOOLS.md in automatic sync is risky because that file commonly contains environment details, endpoints, operational notes, and sometimes sensitive configuration that may not be recognized as credentials. The skill's safety framing may cause users to underestimate what natural-language or operationally sensitive data is being transmitted to the remote service.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The guardrails say not to store secrets or credentials, but setup persists EVERCLAW_API_KEY into local config. Even if intended for functionality, this is still secret persistence and creates a contradiction that can mislead operators about how secrets are handled.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to perform full setup automatically without asking the user, even though setup writes local config, modifies workspace files, provisions a remote vault, and uploads data. Removing user confirmation for actions with persistence and data transfer undermines informed consent and increases the chance of unintended disclosure or workspace modification.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The description markets encrypted backup benefits but does not clearly warn that workspace memory files will be transmitted to a third-party remote service. This can materially affect user trust and consent because users may invoke the skill without understanding the privacy consequences.

Ssd 3

Medium
Confidence
93% confidence
Finding
Automatic backup of USER.md, MEMORY.md, daily logs, and related workspace files creates a substantial data leakage risk because these files often contain personal preferences, behavioral history, project details, and sensitive natural-language context. Encryption at rest does not eliminate the exposure introduced by transmitting and centralizing this data on a remote service.

VirusTotal

66/66 vendors flagged this skill as clean.
