Self-Improving Plus

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but it asks agents to persist detailed user/project context, promote instructions broadly, and publish distilled learnings without clear review or redaction controls.

Install only if you are comfortable with persistent learning logs and skill extraction. Before using it on private work, require manual review, redact secrets and customer/project details, avoid publishing to ClawHub without explicit consent, and do not let it modify CLAUDE.md or copilot instruction files automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding: The skill explicitly instructs publishing distilled skills to an external community hub, which introduces outbound data sharing beyond local self-improvement. Because the workflow also collects learnings, errors, and context from user interactions, this creates a realistic risk of exfiltrating sensitive project details or user-derived information without explicit review and consent.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding: The best-practices section encourages promoting learnings into global instruction files like CLAUDE.md or .github/copilot-instructions.md, expanding the skill from logging into modifying broader agent behavior. This can persist unintended instructions across future tasks and repositories, creating integrity and scope-creep risks not justified by the declared purpose.

Missing User Warnings

Medium
Confidence: 94%
Finding: The feature set directs the agent to log errors, corrections, learnings, and knowledge gaps, but it provides no privacy guardrails about storing user content, secrets, or environment-specific details. In context, this omission is dangerous because the skill normalizes persistent collection of potentially sensitive data as part of routine operation.

Missing User Warnings

Medium
Confidence: 95%
Finding: The automatic extraction and publication workflow lacks a mandatory review step before creating reusable skills and sharing them externally. Since the source material comes from logged errors and learnings, the absence of sanitization and approval makes accidental disclosure of sensitive operational details plausible.

Ssd 3

Medium
Confidence: 96%
Finding: The logging format asks for full context about what happened, what was wrong, what is correct, and related files, which can easily capture sensitive user-provided data in durable markdown logs. Persistent plain-text storage of corrections and interaction context increases the chance of later disclosure, reuse, or accidental publication.

Ssd 3

Medium
Confidence: 97%
Finding: The error-entry template explicitly requests actual error output, input or parameters used, and environment details, all of which frequently contain credentials, tokens, paths, internal URLs, or customer data. Persisting these verbatim in logs materially increases exposure risk and can turn transient secret leakage into long-term storage.

VirusTotal

64/64 vendors flagged this skill as clean.