ClawHub

Self Reflection 1.1.1

Security checks across malware telemetry and agentic risk

Overview

The skill’s reflection behavior is mostly coherent, but users should review it because its setup points to an external command outside the scanned package and it stores long-lived agent memory.

Install only after reviewing and pinning the external CLI source you plan to run. Enable the heartbeat only if recurring self-reflection is desired, and avoid logging secrets, customer data, private prompts, incident details, or proprietary workflow notes in the memory file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly instructs users to persist reflections and lessons to disk, and the examples encourage storing operational mistakes, fixes, and possibly security-related lessons in a long-lived markdown file. Because reflective logs can easily contain sensitive prompts, internal errors, security incidents, or proprietary workflow details, the lack of a clear warning, minimization guidance, or access-control recommendation creates a real privacy and security risk.

Session Persistence

Medium
Category
Rogue Agent
Content
# Add to PATH
ln -sf ~/.openclaw/skills/self-reflection/bin/self-reflection ~/bin/self-reflection

# Create config
cp ~/.openclaw/skills/self-reflection/self-reflection.example.json ~/.openclaw/self-reflection.json
```
Confidence
80% confidence
Finding
Create config cp ~/.openclaw/skills/self-reflection/self-reflection.example.json ~/.openclaw/self-reflection.json ``` ### OpenClaw Integration Add heartbeat to your `~/.openclaw

Session Persistence

Medium
Category
Rogue Agent
Content
## Configuration

Create `~/.openclaw/self-reflection.json`:

```json
{
Confidence
92% confidence
Finding
Create `~/.openclaw/self-reflection.json`: ```json { "threshold_minutes": 60, "memory_file": "~/workspace/memory/self-review.md", "state_file": "~/.openclaw

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal