Is everclaw safe?
https://clawhub.ai/tlxue/everclaw
This skill is an empty shell containing only a lock.json file that references a completely different skill name ('academic-research-hub' vs published slug 'everclaw'). It provides zero functionality to the user. The identity mismatch and empty content pattern are consistent with supply-chain name-squatting attacks where a benign placeholder is published first, then later updated with malicious payloads. While currently harmless at runtime, there is no legitimate reason to install this skill.
Findings (6)
CRITICAL (-85): Empty skill with no functionality — potential supply-chain placeholder
The skill contains absolutely no functional content: empty SKILL.md, no source code, no package.json. The only file is a lock.json. This matches the pattern of a name-squatting or supply-chain staging attack where an attacker claims a skill name with an empty package, then later pushes a malicious update.
HIGH (-65): Skill identity mismatch — slug vs internal name discrepancy
The published skill slug is 'everclaw' but the internal lock.json references 'academic-research-hub'. This identity mismatch could indicate the skill was renamed to disguise its origin, or is part of a confusion/typosquatting attack targeting users searching for either name.
HIGH (-20): Empty SKILL.md — no declared purpose or permissions
A skill with an empty SKILL.md provides no transparency about its intent, capabilities, or required permissions. Users cannot make an informed decision about whether to trust it. This also means any future update that adds content will be a complete behavioral change with no baseline to compare against.
MEDIUM (-70): Empty shell susceptible to malicious update injection
Because the skill has no current functionality, any future version update could introduce data exfiltration capabilities. Users who installed the empty version have no reason to re-audit since nothing appeared harmful initially.
MEDIUM (-70): Skeleton package could receive executable payloads via updates
The absence of any code means this skill currently does nothing, but it has an established installation path. A future update adding install scripts, git hooks, or executable code would leverage the existing trust relationship.
LOW (-10): Clean installation behavior
Installation monitoring detected no anomalies: no network calls, no process spawning, no filesystem changes. This is consistent with an empty skill but does not preclude future malicious behavior.