Self Driven

Security checks across malware telemetry and agentic risk

Overview

This text-only skill is transparent about making an AI run its own recurring task loop, but it does not set clear limits or approval controls.

Install only if you intentionally want an autonomous recurring agent loop. If you do:
  • Keep it in a tightly scoped workspace.
  • Do not enable the cron schedule until you have explicit guardrails.
  • Review the memory files regularly.
  • Require confirmation before file changes outside its memory folder, external messages, account actions, purchases, deletions, or public publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README explicitly describes persistent memory and log storage under `memory/self-driven/` and states that each execution must be written down, but it does not warn users about data retention, sensitivity of stored content, or consent expectations. In an autonomous agent context, persistent logging can accumulate prompts, task history, or user-derived data over time, increasing privacy and unintended disclosure risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs autonomous cron-based execution every 30 minutes and persistent writes to `memory/self-driven/log.md` and related task files without any requirement for user confirmation, opt-in, or warning about automatic state modification. In an agent environment, this can cause unauthorized recurring actions and silent prompt/data persistence, which increases the risk of unwanted behavior, data accumulation, and abuse if tasks are influenced by untrusted content.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list contains highly generic phrases such as '执行任务' ("execute task") and 'Cron 任务' ("Cron task") that can match many normal user requests unrelated to this skill. In a self-driven automation skill, broad activation increases the chance of unintended invocation and of autonomous behavior being applied in the wrong context, which can cause confusing or risky actions.

VirusTotal

56/56 vendors flagged this skill as clean.