IceCube Evolution

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not overtly malicious, but it asks an agent to persistently change its own rules, memory, configuration, and installed skills without clear user approval.

Install only if you are prepared to supervise it closely. Treat its logs as persistent local records, avoid storing secrets or raw user data, and do not allow it to automatically edit AGENTS.md, SOUL.md, MEMORY.md, openclaw.json, procedural memory, or install new skills without reviewed diffs, explicit approval, and rollback notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill explicitly authorizes autonomous modification of high-trust files and capability surfaces such as AGENTS.md, SOUL.md, MEMORY.md, openclaw.json, and tool installs. Even if framed as self-improvement, this creates an instruction/configuration self-mutation channel that can weaken safeguards, expand permissions, or persist unsafe behavior without human review.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The description promises continuous automatic evolution 'without human intervention,' which normalizes unsupervised behavior and policy changes. In agent systems, autonomous self-modification is dangerous because it can recursively entrench bad rules, bypass operator intent, and create persistent drift across future sessions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill description advertises automatic self-modification and persistent file updates without any up-front notice that local agent configuration and memory files may be changed. That lack of transparency increases the risk of silent persistence, surprise filesystem writes, and operator confusion about why agent behavior changed over time.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup instructions create and update files under ~/.openclaw and instruct ongoing writes, but they do not warn the user that this is persistent state on disk. In security-sensitive agent environments, unannounced persistence is risky because it can store operational history indefinitely and alter later behavior in ways the user did not knowingly authorize.

Missing User Warnings

High
Confidence: 98%
Finding
The improvement-generation section permits automatic edits to core instruction and configuration files, including AGENTS.md, SOUL.md, MEMORY.md, and openclaw.json, without any warning about system-integrity consequences. This is especially dangerous because these files define durable agent behavior and trust boundaries, so self-directed changes can become a persistence and policy-tampering mechanism.

Ssd 3

Medium
Confidence: 93%
Finding
The guidance to log every mistake and capture every success broadly encourages storing detailed task context, which can easily include sensitive user content, credentials, personal data, or proprietary information. Persistent accumulation of such data in memory files increases exposure surface and creates secondary privacy and data-retention risks.

Ssd 3

Medium
Confidence: 94%
Finding
The AGENTS.md protocol requires immediate logging of context after errors and successes, which incentivizes copying operational and user/task details into persistent files. Because the protocol is broad and automatic, it can normalize retaining sensitive interaction data without necessity or consent.

Ssd 3

Medium
Confidence: 92%
Finding
The automatic trigger conditions and summaries encourage collecting corrected, repeated, or lost information from user interactions and carrying it forward into persistent memory. This creates a mechanism for the agent to retain and reuse user-derived data beyond the immediate task, which can violate least-retention principles and amplify privacy harm.

VirusTotal

66/66 vendors flagged this skill as clean.
