Super Self Improving

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only self-improvement skill that openly uses local memory and feedback logs, but users should manage the privacy implications.

Install only if you want an agent to keep local long-term notes about preferences, feedback, behavior patterns, and performance. Avoid putting secrets or sensitive personal details into feedback, periodically review or delete ~/.super-self-improving, and do not fetch or run any missing script implementation from an untrusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The skill’s declared purpose is self-improvement via memory, feedback, and meta-learning, but it also introduces token-cost monitoring and agent scheduling/auto-scaling functions that expand its operational scope. This scope creep increases the chance that a consumer enables broader orchestration or telemetry behavior than expected, weakening least-privilege assumptions and creating room for misuse or unsafe integrations.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Agent scheduling, load balancing, and auto-scaling are materially different from memory/feedback behavior and imply control over other agents or shared resources. In this context, such capabilities are dangerous because they can broaden authority boundaries, affect availability, and enable unintended cross-agent coordination without clear safeguards.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The document claims it does not store sensitive information, yet its logging examples retain detailed user corrections, inferred behavior, and preference history that may contain personal or sensitive data. This contradiction can mislead operators and users into underestimating privacy risk, leading to over-collection, long-term retention, or accidental disclosure through memory/export features.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly documents persistent storage for memory, feedback, errors, and metadata under a user directory, but its safety section only claims that sensitive information is not stored without explaining what user inputs, feedback, or interaction-derived artifacts may actually be written to disk. This can mislead users into providing data they would not expect to persist locally, creating privacy and data-handling risk if prompts, feedback text, or derived records contain sensitive information.

Missing User Warnings

Medium
Confidence: 91%
Finding
Implicit feedback collection based on inferred behavior is described without clear notice, consent, or retention policy. Behavioral inference can capture sensitive signals about user preferences or dissatisfaction, and doing so silently increases privacy risk and the chance of unauthorized profiling.

Missing User Warnings

Medium
Confidence: 89%
Finding
The memory, feedback, and export functions indicate storage and possible exfiltration of user-related data, but the skill does not prominently warn users or administrators about these behaviors. Export capability increases the impact because retained user data can be moved outside the original trust boundary if not tightly controlled.

Missing User Warnings

Medium
Confidence: 92%
Finding
The trigger rules infer negative signals from silence, repeated questions, or topic changes without explicit notice to the user. Such inference can be inaccurate and privacy-invasive, especially when persisted as feedback, leading to hidden profiling and potentially unfair or misleading adaptations.

VirusTotal

65/65 vendors flagged this skill as clean.
