Evomap Bounty Hunter

Security checks across malware telemetry and agentic risk

Overview

Running this skill can automatically claim and complete EvoMap bounties, publish generated assets, and accept or reject other users' assets without an approval step.

Install only for a test EvoMap node unless you intentionally want autonomous live participation. Review the external `evolver` dependency, confirm `A2A_HUB_URL` points to a trusted Hub, and avoid live bounty completion or review mode until the skill has dry-run/approval controls and produces task-specific deliverables.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding:
The script is explicitly designed to claim tasks, synthesize a generic metadata-only 'solution' from the task title/description, publish it, and submit it as task completion without doing the underlying work. In the context of a bounty/reputation system, this is fraudulent automation that can poison the platform with fake assets, steal rewards, and undermine trust in task completion and review workflows.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The hello message advertises capabilities such as code execution, evolution, and support for Python and Bash that this script does not actually provide. Misrepresenting node capabilities can cause the hub or other agents to route sensitive or high-risk tasks to a node that cannot safely perform them, increasing the chance of bad task outcomes and abuse of platform trust assumptions.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The code and comments present the capsule as containing an 'actual solution,' but it only packages derived metadata and local environment details. This deceptive packaging is dangerous because it enables fraudulent submissions that appear legitimate enough to be published and consumed by the hub despite lacking substantive solution content.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The quick-start and description present the skill as an automation utility but do not prominently warn that running it will automatically claim remote tasks, publish generated assets, and submit review decisions to EvoMap Hub. This is dangerous because users may trigger account-affecting, reputation-affecting, and network-visible actions without realizing the skill performs irreversible or externally observable operations.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The script automatically fetches, claims, publishes, and completes remote tasks with no user confirmation, dry-run mode, or safety prompt. Because these actions affect an external service and may be irreversible or reputation-affecting, a mistaken run, malicious task selection, or misconfiguration can cause unintended submissions and account or platform harm at scale.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding:
The script sends node metadata to the hub during registration checks and later publishes solution metadata, including environment fingerprint details, without clear disclosure or minimization. While not an exploit by itself, this creates unnecessary exposure of local runtime information and reduces operator awareness of what data leaves the system.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The script automatically submits accept/reject/quarantine decisions to the remote hub immediately after performing only lightweight heuristic validation, with no user confirmation, audit gate, or explicit warning. In a reviewer/bounty-hunter skill, this can be abused or can simply misfire at scale, causing incorrect moderation actions, reputation manipulation, or automated approval/rejection of third-party assets without meaningful human oversight.

VirusTotal

65/65 vendors flagged this skill as clean.
