Rotifer Self Evolving Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Rotifer MCP integration for agent capability upgrades, but users should review any proposed replacement before approving it.

Install only if you trust Rotifer's MCP server package and marketplace. Before approving /evolve upgrade, inspect the proposed Gene, source, permissions, and expected changes under ~/.rotifer/; treat Arena rankings as performance data, not a safety guarantee.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The manifest executes an external MCP server package via `npx`, which introduces remote code supply-chain risk and delegates substantial behavior to code not visible in this skill file. In the context of a self-evolving, self-upgrading agent with outbound network access, this is more dangerous because the external package can implement broad autonomous actions beyond the narrow user-triggered purpose implied by the manifest.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly markets the skill as self-evolving and able to upgrade automatically, but it does not warn users that this may change installed capabilities or pull in new code/behavior from external sources. In a skill with outbound network access and upgrade/install functionality, missing consent and safety warnings can cause users to trigger risky changes without understanding the operational or security implications.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documented `/evolve upgrade <name>` command says it can replace an existing capability with a stronger alternative, but it does not warn that this is a destructive or behavior-changing action. Users may invoke it expecting a recommendation flow and instead alter their agent's installed functionality, creating risk of capability drift, incompatibility, or installation of less-trusted components.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README states that the skill connects to the Rotifer MCP server and external Rotifer services, but it omits any privacy, telemetry, or network disclosure. In context, the skill scans local agents/capabilities and queries remote services, so users are not informed that metadata about their local environment or requests may be transmitted off-system.

Vague Triggers

Medium
Confidence: 81%
Finding
The description advertises broad autonomous capability scanning and upgrading behavior without clearly constraining when those actions occur or what requires user consent. In a skill that has outbound network permission and invokes an external MCP server, vague autonomy language increases the risk that users enable behavior they do not fully understand, including unprompted network activity or modification flows.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The manifest states that the agent upgrades itself to stronger alternatives automatically, which implies self-modifying or replacement behavior without explicit user opt-in. That is especially dangerous here because autonomous upgrades combined with network access and an external package can lead to unauthorized changes, tool substitution, or retrieval of unreviewed code or models.

VirusTotal

64/64 vendors flagged this skill as clean.