ClawHub

self-improving-agent-python

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent and local, but it can persist and spread agent lessons across local WorkBuddy workspaces without strong scoping or retention controls.

Install only if you intentionally want persistent cross-agent learning. Do not save secrets, customer data, private prompts, tokens, or sensitive operational details as lessons, and run the sync script only when you want the shared knowledge file copied into every local WorkBuddy workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The script’s stated purpose is to record a lesson locally, but it also copies the lesson into a shared knowledge base as a side effect. That mismatch is security-relevant because lessons may contain sensitive operational details, and users or calling systems may not realize the data is being propagated beyond the local context.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly promotes cross-agent experience sharing but does not warn users that task-derived data may be propagated beyond a single agent context. In a self-improving agent skill, this increases the risk that sensitive prompts, outputs, identifiers, or workspace-derived information could be unintentionally shared or reused without informed consent.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The README documents persistent storage files under the workspace but does not present this as a user-facing warning or explain the operational/privacy consequences of retaining evaluation history, lessons learned, and shared knowledge. Users may unknowingly store sensitive task data on disk, where it can later be accessed, synced, or committed.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that evaluation records, lessons learned, optimization plans, and a shared knowledge base are stored persistently in the workspace, but it does not warn users about retention, sensitivity of stored content, or the implications of cross-agent sharing. In an agent skill centered on self-improvement and experience sharing, this can lead to unintentional accumulation and propagation of sensitive prompts, outputs, identifiers, or operational data across sessions and agents.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation conditions are broad enough to match ordinary user requests about improving efficiency, evaluation, or learning, which can cause the skill to activate outside its intended scope. In an agent system, overly permissive triggering can unexpectedly enable persistence and workflow changes, increasing the chance of inappropriate data collection or behavioral drift.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly stores evaluations, lessons learned, optimization plans, and shared cross-agent knowledge, but it provides no notice, consent flow, retention limits, or data classification guidance. This is dangerous because task artifacts may contain sensitive prompts, identifiers, mistakes, or proprietary workflow information that can persist indefinitely and spread to other agents.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation conditions are broad and fuzzy enough that ordinary user requests about improving work, learning from mistakes, or efficiency could unintentionally trigger the skill. In a self-improvement skill, accidental activation is more dangerous because it can initiate evaluation, persistence, or sharing behaviors without a clear user request or informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly describes persistent storage of evaluations and lessons, plus cross-agent synchronization to a shared knowledge base, but provides no warning, consent flow, retention policy, or data minimization guidance. This creates a real privacy and data-governance risk because task outcomes, lessons learned, and potentially sensitive operational details may be retained and shared beyond the original context.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal