test1123123

Security checks across malware telemetry and agentic risk

Overview

This learning-log skill is mostly coherent, but it can persist information and change future agent behavior through memory files, instruction-file promotion, hooks, and skill creation.

Install only if you want durable learning memory for your agent. Keep entries short and sanitized, do not store secrets or raw transcripts, prefer project-local logs over global home-directory memory, and require explicit approval before promoting entries into instruction files, reading or sending cross-session history, spawning background sessions, enabling broad hooks, or extracting new skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The skill is presented primarily as a learning/error logging utility, but it also instructs the agent to promote entries into persistent agent-context files and to generate new reusable skills from logged content. That expands its effective capabilities from passive note-taking into persistent behavior modification and code/artifact generation, which can surprise users and increase the chance of unsafe or unauthorized changes.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding: The skill includes cross-session capabilities such as listing sessions, reading another session's history, and sending messages between sessions. Even with advisory language about trusted environments, this meaningfully increases data exposure risk because transcripts may contain sensitive prompts, outputs, or project context not intended for lateral sharing.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding: The skill adds a generalized skill-extraction workflow that creates new skill scaffolds on disk, which is outside the core stated purpose of logging learnings. This broadens the trust boundary from recording notes to generating reusable automation artifacts that may later influence agent behavior across tasks.

Intent-Code Divergence

Medium
Confidence: 95%
Finding: The document claims the hook scripts 'only output text' and 'don't modify files or run commands,' but the same guide configures those scripts to be executed as shell commands by the hook system. This creates a misleading security boundary: users may enable privileged automatic execution while underestimating the risk that the invoked scripts can perform arbitrary actions if altered, replaced, or later expanded.

Session Persistence

Medium
Category: Rogue Agent
Content:
```
└── FEATURE_REQUESTS.md
```

### Create Learning Files

```bash
mkdir -p ~/.openclaw/workspace/.learnings
```
Confidence: 84%
Finding: Create Learning Files: `mkdir -p ~/.openclaw`

Session Persistence

Medium
Category: Rogue Agent
Content:
```
openclaw hooks enable self-improvement
```

### 3. Create Learning Files

Create the `.learnings/` directory in your workspace:
Confidence: 79%
Finding: Create Learning Files: Create the `.learnings/` directory in your workspace: `mkdir -p ~/.openclaw/workspace/.learnings`. Or in the skill directory: `mkdir -p ~/.openclaw`

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal