Auto-Learning Skill (自动学习技能)

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it should be reviewed because it can read recent conversations and create or update persistent skills without clear approval controls.

Install only if you intentionally want an agent to learn from prior conversations and generate persistent skills. Require manual approval before any history scan or file write, review generated content for sensitive data or unsafe instructions, and keep learned skills in a bounded location with an easy rollback path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The manual trigger phrases are generic everyday language (e.g. '自动学习', '提取经验', '创建技能') and can easily appear in ordinary conversation. In a skill that can scan history and create or modify files, accidental invocation can cause unintended data processing and persistent state changes without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The automatic activation conditions are vague ('same problem solved 2+ times', 'found a new workflow/tool', 'error then solution') and leave broad room for subjective interpretation by the agent. Because this skill is designed for self-evolution and file creation, ambiguous auto-activation can trigger unsupervised history scanning and unauthorized skill generation from normal interactions.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The workflow explicitly instructs the agent to scan recent conversation history, identify patterns, and create or update skill files, but it provides no privacy notice, consent mechanism, or safeguards for persistent modification. This is especially dangerous in an auto-learning/self-evolving skill because sensitive user content may be mined into reusable artifacts and written to disk without review, creating both privacy leakage and prompt-persistence risks.

VirusTotal

65/65 vendors flagged this skill as clean.