Temp Skill Download

Security checks across malware telemetry and agentic risk

Overview

This self-improvement skill is mostly purpose-aligned, but it asks agents to create durable memory, use broad hooks, and share session context without enough privacy boundaries.

Install only if you want an agent to keep durable learning logs and potentially update shared agent memory or instruction files. Prefer project-local setup, avoid global always-on hooks, review the hook scripts before enabling them, and require explicit approval plus redaction before storing or promoting anything involving secrets, credentials, customer data, private transcripts, proprietary details, or raw tool output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The inter-session communication section authorizes reading other sessions’ transcripts and sending messages between sessions, which exceeds simple self-improvement logging. This creates a confidentiality and scope-expansion risk because data from unrelated sessions may be collected, propagated, or used without clear consent boundaries.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The skill extraction workflow instructs the agent to turn learnings into reusable skills and create files on disk, which materially expands its authority beyond note logging. This is risky because unreviewed session-derived content can become executable or auto-loadable prompt material, persisting mistakes or malicious prompt content into future runs.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The activation guidance is broad enough to match many ordinary interactions, including routine errors, corrections, and discovery of better approaches. Over-invocation is dangerous because it increases unnecessary logging, persistent storage, and the chance that sensitive conversational or operational details are captured by default.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill directs agents to log user corrections, errors, and session-derived information into files but does not warn against storing secrets, personal data, credentials, or proprietary inputs. This is dangerous because persistent markdown logs can silently accumulate sensitive data and later be committed, shared, or reused by other agents.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The inter-session transcript and messaging features are presented without a user-facing privacy warning or consent model. This is especially dangerous because transcript access can expose unrelated sensitive context, and message passing can spread that data into other sessions or agents.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The error logging template explicitly encourages storing raw errors, command inputs, parameters, and environment details. Those fields frequently contain secrets, API keys, internal paths, tokens, customer data, or stack traces with sensitive operational information, making the logs a high-value leakage target.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The hook setup runs on every prompt submission and after every Bash tool use, so each user prompt and each shell invocation is evaluated, and potentially logged, without any upfront warning. Persistent monitoring-style behavior is risky because it normalizes broad capture of user interactions and tool outputs beyond what the user expects, and a hook installed at user (global) scope carries that capture into every project, not just the one where the skill was enabled.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document instructs the agent to persist 'learnings' into workspace and shared prompt files without any guidance to filter secrets, personal data, tokens, or sensitive tool/session output. Because these files are long-lived and may be injected into future sessions, sensitive content can be unintentionally retained and resurfaced later, expanding exposure across sessions.
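The redaction-and-approval gate that the overview recommends, and that the error-template and shared-memory findings above note is missing, as an added example written for this page; it is not code from the skill, from SkillSpector, or from any hook script the skill ships. It assumes a four-field log entry (error, command, parameters, environment) matching the template the finding describes, a handful of illustrative regexes for common credential shapes, and a policy of this example's choosing: every write is redacted first, a write to a project-local log needs explicit user approval, and an entry that needed any redaction is never promoted to shared memory or instruction files.

```python
import re
from dataclasses import dataclass

# Regexes for secret-shaped values. Constructed for this example; tune them
# to the credential formats used in your own environment.
SECRET_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[a-z0-9._\-]{20,}")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----")),
    ("url_credentials", re.compile(r"(?i)\b[a-z][a-z0-9+.\-]*://[^/\s:@]+:[^/\s@]+@")),
]
# Environment variables whose values are dropped wholesale, judged by name.
SENSITIVE_ENV_NAME = re.compile(r"(?i)(KEY|TOKEN|SECRET|PASS(WORD)?|CREDENTIAL|COOKIE)")
# Home directories leak usernames and internal layout; keep only the shape.
HOME_PATH = re.compile(r"/(?:home|Users)/[^/\s]+")


@dataclass
class LogEntry:
    """The fields an error-logging template asks an agent to record (assumed layout)."""
    error: str
    command: str
    parameters: dict
    environment: dict


def redact_text(text, findings, where):
    """Replace secret-shaped substrings in one field and record what was hit."""
    for name, pattern in SECRET_PATTERNS:
        text, n = pattern.subn(f"[REDACTED:{name}]", text)
        if n:
            findings.append((where, name, n))
    text, n = HOME_PATH.subn("/home/[USER]", text)
    if n:
        findings.append((where, "home_path", n))
    return text


def redact_entry(entry):
    """Return a redacted copy of the entry plus a list of (field, kind, count)."""
    findings = []
    error = redact_text(entry.error, findings, "error")
    command = redact_text(entry.command, findings, "command")
    parameters = {k: redact_text(str(v), findings, f"parameters.{k}")
                  for k, v in entry.parameters.items()}
    environment = {}
    for k, v in entry.environment.items():
        if SENSITIVE_ENV_NAME.search(k):
            environment[k] = "[REDACTED:env]"
            findings.append((f"environment.{k}", "sensitive_env_name", 1))
        else:
            environment[k] = redact_text(str(v), findings, f"environment.{k}")
    return LogEntry(error, command, parameters, environment), findings


def decide(entry, action, approved):
    """Gate a write. action is 'store' (project-local log) or 'promote' (shared
    memory / instruction file); approved means the user explicitly approved it.
    Policy is this example's choice, not the skill's: redaction always runs,
    storing needs approval, and anything that needed redaction is never promoted."""
    if action not in ("store", "promote"):
        raise ValueError(f"unknown action {action!r}")
    redacted, findings = redact_entry(entry)
    if not approved:
        return False, "no explicit user approval", redacted
    if action == "promote" and findings:
        return False, f"{len(findings)} sensitive field(s) redacted; not promoting", redacted
    return True, "ok", redacted


def to_markdown(entry):
    """Render an already-redacted entry in a markdown log layout (assumed format)."""
    params = "\n".join(f"- {k}: {v}" for k, v in entry.parameters.items())
    env = "\n".join(f"- {k}: {v}" for k, v in entry.environment.items())
    return (f"### Error\n{entry.error}\n\n### Command\n`{entry.command}`\n\n"
            f"### Parameters\n{params}\n\n### Environment\n{env}\n")


# Constructed sample: the kind of raw tool output the finding warns about.
SAMPLE_ENTRY = LogEntry(
    error="ClientError: The AWS Access Key Id AKIAIOSFODNN7EXAMPLE does not exist",
    command='curl -H "Authorization: Bearer sk_live_51HxyzABCDEFGHIJKLMNOPQRST" https://api.example.com/v1/charges',
    parameters={"region": "us-east-1", "db_url": "postgres://app:hunter2@db.internal:5432/prod"},
    environment={"AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                 "PWD": "/home/alice/proj", "SHELL": "/bin/bash"},
)
# Constructed sample with nothing sensitive, to show the promote path succeeding.
CLEAN_ENTRY = LogEntry(error="FileNotFoundError: config.toml", command="python tool.py --check",
                       parameters={"mode": "check"}, environment={"SHELL": "/bin/bash"})

if __name__ == "__main__":
    for action, approved in (("store", False), ("store", True), ("promote", True)):
        ok, reason, _ = decide(SAMPLE_ENTRY, action, approved)
        print(f"{action} approved={approved}: {ok} ({reason})")
    print(to_markdown(decide(SAMPLE_ENTRY, "store", True)[2]))
```

Wiring this in front of the skill's log writer, or running it from the PostToolUse hook before anything is appended to a learning file, turns the "require explicit approval plus redaction" advice from the overview into an enforced check rather than a reminder the agent may skip. The regex list is deliberately short; a real deployment would extend it with the credential formats its own tooling emits and treat a non-empty findings list as a reason to ask the user before storing at all.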

VirusTotal

0 of 66 antivirus vendors flagged this skill; all 66 reported it clean. This scan checks the packaged files against known-malware signatures and heuristics; it does not evaluate the prompt-level and data-handling risks listed in the findings above, so a clean result here does not offset them.
