Self Improving Agent 3.0.0

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate memory and learning skill, but it can persist and propagate broad session details with weak safeguards, so it should be reviewed before use.

Install only if you intentionally want persistent agent memory. Before enabling hooks or promotion, review the scripts and configured paths, keep the setup project-scoped, and require sanitized summaries rather than raw prompts, transcripts, credentials, tokens, personal data, proprietary code, or full tool output. Periodically audit and delete stored notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The automatic logging triggers are vague enough that an agent may capture and persist content whenever it merely 'notices' corrections, errors, or feature requests. In the context of a persistence skill, ambiguous triggers materially increase the chance of over-collection of user or session data into files that may later be reviewed, promoted, or shared.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The skill instructs agents to retain learnings, errors, and corrections in plain markdown and later promote them into memory or instruction files. Without mandatory minimization and sensitivity filtering, this creates a durable exfiltration and privacy risk because user-supplied content, operational details, and potentially secrets can be persisted beyond the original task.

Ssd 3

Severity: High
Confidence: 95%
Finding
Encouraging transcript reading across sessions and message passing between sessions without sensitivity controls can spread confidential information far beyond the originating context. Cross-session propagation increases blast radius because a single mistaken capture may be exposed to other agents, workflows, or users with different trust boundaries.

Ssd 3

Severity: High
Confidence: 97%
Finding
The logging templates explicitly request full context, inputs, parameters, error output, and user context, which are common carriers of secrets, personal data, proprietary prompts, file paths, and internal system details. Persisting that level of detail in markdown materially raises the risk of credential leakage and long-term storage of sensitive information.

Ssd 3

Severity: High
Confidence: 96%
Finding
The promotion workflow moves accumulated learnings into durable agent-context files such as CLAUDE.md, AGENTS.md, and other shared instruction surfaces without requiring a sensitivity review. This can turn an initially local over-collection issue into persistent prompt-context leakage that repeatedly exposes sensitive material in future sessions.

Ssd 3

Severity: Medium
Confidence: 91%
Finding
Guidance to 'promote aggressively' increases the likelihood that insufficiently reviewed content will be copied into shared or persistent files. While this is framed as a best practice, in a memory-and-logging skill it meaningfully worsens the chance of propagating sensitive information across contexts.
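The findings above on missing minimization, on templates that request full context and user details, and on promotion into CLAUDE.md or AGENTS.md without review all come down to one absent control: a sensitivity pass that runs before a learning is written to a note and again before it is copied into a shared instruction file. The following is an added example of what such a pass can look like; it is not code from the Self Improving Agent skill or from SkillSpector, and the regex patterns, the 600-character cap, the transcript and raw-output heuristics and the two sample notes are all assumptions chosen for illustration.

```python
"""Sensitivity pass for agent 'learning' notes.

Added example for this report; not code from the Self Improving Agent skill or
from SkillSpector. Run sanitize_note() before a learning is written to markdown,
and promotion_gate() before anything is copied into CLAUDE.md / AGENTS.md.
Patterns, thresholds and the sample notes are assumptions for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Material that must never survive into a persisted note (assumed pattern set;
# extend it for the secrets your own environment actually uses).
REDACTION_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}")),
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----")),
    # KEY=value style assignments: keep the variable name, drop the value.
    ("env_assignment", re.compile(
        r"(?im)^([ \t]*(?:[-*][ \t]+)?(?:export[ \t]+)?)"
        r"([A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD|PASSWD)[A-Z0-9_]*)"
        r"[ \t]*=[ \t]*(?!\[REDACTED)\S+")),
    ("email", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    # Home directories identify the user; keep the project-relative remainder.
    ("home_path", re.compile(r"(?:/Users|/home)/[^/\s]+")),
]

# Heuristics for raw transcript turns or tool output pasted in instead of a summary.
TRANSCRIPT_MARKER = re.compile(r"(?im)^[ \t]*(?:user|assistant|human|system)[ \t]*:")
RAW_OUTPUT_MARKER = re.compile(
    r"(?im)^[ \t]*(?:traceback \(most recent call last\)|stdout:|stderr:|\$ )")
MAX_PROMOTED_CHARS = 600  # assumed cap: a promoted rule is a short summary, not a log


@dataclass
class SanitizedNote:
    text: str
    redactions: dict[str, int] = field(default_factory=dict)


def sanitize_note(raw: str) -> SanitizedNote:
    """Redact secrets, identities and user paths; record what was removed."""
    text, counts = raw, {}
    for name, pattern in REDACTION_PATTERNS:
        if name == "env_assignment":
            text, n = pattern.subn(lambda m: f"{m.group(1)}{m.group(2)}=[REDACTED]", text)
        else:
            text, n = pattern.subn(f"[REDACTED:{name}]", text)
        if n:
            counts[name] = n
    return SanitizedNote(text=text, redactions=counts)


def promotion_gate(note: SanitizedNote) -> tuple[bool, list[str]]:
    """Allow promotion into shared instruction files only for clean summaries."""
    reasons = []
    if note.redactions:
        reasons.append("required redaction; review the original capture before promoting")
    if TRANSCRIPT_MARKER.search(note.text):
        reasons.append("contains raw transcript turns instead of a summary")
    if RAW_OUTPUT_MARKER.search(note.text):
        reasons.append("contains raw tool or error output")
    if len(note.text) > MAX_PROMOTED_CHARS:
        reasons.append(f"longer than {MAX_PROMOTED_CHARS} chars; summarize first")
    # Second pass: anything the redactor left behind is a hard stop.
    for name, pattern in REDACTION_PATTERNS:
        if pattern.search(note.text):
            reasons.append(f"residual {name} pattern")
    return (not reasons, reasons)


# Constructed sample: the over-collected "error log" that full-context templates invite.
RAW_NOTE = """## Error: deploy script failed

User: here is my env, please fix it
export DATABASE_PASSWORD=hunter2
AWS key in use: AKIAABCDEFGHIJKLMNOP
Script path: /Users/alice/work/deploy.sh
Contact alice@example.com if it breaks again.
Traceback (most recent call last):
  File "deploy.sh", line 3
Learning: run `terraform plan` before `terraform apply`.
"""

# Constructed sample: the sanitized summary that actually belongs in CLAUDE.md.
PROMOTION_CANDIDATE = "Run `terraform plan` and review the diff before `terraform apply` in this repo."


def demo() -> tuple[SanitizedNote, bool, list[str], bool]:
    sanitized = sanitize_note(RAW_NOTE)
    raw_ok, raw_reasons = promotion_gate(sanitized)
    clean_ok, _ = promotion_gate(sanitize_note(PROMOTION_CANDIDATE))
    return sanitized, raw_ok, raw_reasons, clean_ok


if __name__ == "__main__":
    note, raw_ok, reasons, clean_ok = demo()
    print(note.text)
    print("redactions:", note.redactions)
    print("raw note promotable:", raw_ok, reasons)
    print("summary promotable:", clean_ok)
```

The gate deliberately refuses anything that needed redaction at all, rather than promoting the redacted text: a capture that contained a password or a home path was over-collected to begin with, and the right fix is to rewrite it as a one-line rule, as the second sample does, not to scrub it and forward it.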

Session Persistence

Severity: Medium
Category: Rogue Agent
Confidence: 88%
Content (the matched snippet from the skill's setup instructions; the scan output cuts it off mid-object)

### Option 1: Project-Level Configuration

Create `.claude/settings.json` in your project root:

```json
{
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
```

VirusTotal

66/66 vendors reported this skill as clean.
