Self Improvement Cyber Bye

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it asks the agent to automatically save sensitive personal memories and keep scheduled local automation running without clear user control.

Install only if you deliberately want an agent that keeps persistent local memory and self-improvement logs. Before enabling it, confirm you can inspect, edit, delete, and disable saved memories and cron files, and avoid sharing health, financial, relationship, credential, or proprietary details unless you are comfortable with them being retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill explicitly instructs the agent to automatically write extracted facts to memory during conversation without asking the user first. This creates undisclosed retention of user-provided information and can persist sensitive data unexpectedly, increasing privacy, compliance, and secondary-disclosure risk.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The auto-save triggers include sensitive categories such as health, finances, relationships, and user rules, but there is no consent gate, minimization policy, or warning. Capturing these categories by default materially raises the sensitivity of retained data and can expose highly personal information through logs, memory files, or later retrieval.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The immediate-capture rule mandates writing detected errors to disk before any other action, which may include user prompts, model outputs, or contextual snippets containing sensitive information. Without sanitization or disclosure, this creates a forced persistence path that can store confidential content in raw form.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill explicitly instructs automatic saving of user facts to persistent memory without any consent flow, visibility, or sensitivity boundaries. Because the auto-extract triggers include health, finances, relationships, and corrections, this can retain personal data across sessions and expose it later through unintended recall, over-collection, or workspace-level access.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: Mandating memory writes before every session end institutionalizes persistent retention even when the user has not requested storage or had a chance to review what will be saved. This increases the chance of silently persisting sensitive or incorrect information, which can later leak into responses or be accessed by others with workspace visibility.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The manual trigger phrases "remind me at <time>" and "set a cron for <time>" are broad enough to overlap with ordinary user conversation, which can cause unintended scheduling and persistent state changes. In this skill, those phrases directly lead to file creation and memory updates, so ambiguous matching increases the risk of unauthorized or accidental cron creation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The hook instructs the agent to move files, update memory indexes, and modify active cron/session state without any warning, consent checkpoint, or transactional safety guidance. Because these are persistent operations, mistakes or prompt-triggered execution could silently alter records, delete active reminders, or corrupt operational state.

Natural-Language Policy Violations

Severity: Medium
Confidence: 78%
Finding: Hard-coding IST as the operating timezone can cause reminders and cron actions to fire at unexpected times for users in other regions, which is a security-relevant integrity issue when the actions modify persistent state. In this skill, mistimed escalation reports or temp cron execution could lead to missed reviews, confusing automations, or accidental state transitions.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The hook directs automatic file creation, status modification, and movement of records between directories without any approval gate, dry-run mode, or user-visible disclosure. In a privileged workspace, this can silently alter audit trails and operational state, making it easier for erroneous or manipulated classifications to rewrite history or suppress raw evidence.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: This section authorizes broad persistent modification across patterns, stats, logs, journals, soul state, and cron creation, all without disclosure or scoped write restrictions. In context, this skill is designed for autonomous self-modification and memory management, so unchecked persistent writes are more dangerous because they can entrench incorrect conclusions, create follow-on automation, and materially reshape future agent behavior without oversight.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The hook instructs immediate writes to persistent local storage before any other action, with no consent, warning, or gating. In an agent environment, automatic file modification can create covert state changes and unexpected retention of user- or session-derived content, especially when the hook can be triggered frequently.

Ssd 3

Severity: Medium
Confidence: 95%
Finding: Automatic capture of user-provided information without explicit prompting or consent can cause unintended long-term retention and later disclosure to other workflows, tools, or operators. The risk is amplified because the behavior is framed as automatic and unconditional rather than user-directed.

Ssd 3

Severity: Medium
Confidence: 94%
Finding: The instruction to "learn from everything" combined with nightly review and self-fix workflows encourages broad retention and processing of conversational content beyond the immediate task. This semantic data-hoarding behavior increases the amount of sensitive data accumulated and broadens the attack surface for misuse, leakage, and unauthorized reuse.

Ssd 3

Severity: Medium
Confidence: 94%
Finding: Automatic retention of conversational facts across sessions creates a data leakage path because the model may later surface stored personal details in unrelated contexts, especially when memory categories include identity, relationships, finance, and habits. The absence of sensitivity limits or minimization rules makes broad collection the default, expanding privacy and confidentiality risk.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The session-wide workflow requires loading prior memory, auto-extracting new facts, and writing updates, which creates a standing mechanism for continuous collection and reuse of user data. In this skill's context, that is more dangerous because the enumerated triggers and tags encourage storage of intimate and potentially sensitive personal information, increasing both persistence and unintended disclosure risk.

Ssd 3

Severity: Medium
Confidence: 95%
Finding: The template directs the agent to persist context, full descriptions, impact assessments, and user feedback into natural-language files. This creates a durable retention channel for potentially sensitive conversational content, which can later be exposed through file access, indexing, backups, or downstream processing.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: Requiring the exact user correction quote to be stored is a specific data-leak risk because users may include secrets, personal data, proprietary prompts, or other sensitive text in their corrections. Persisting verbatim quotes unnecessarily increases the blast radius of any later disclosure or misuse of the logs.

Ssd 3

Severity: Low
Confidence: 90%
Finding: Appending summaries of all captured errors into a persistent memory index creates a second retention surface that can aggregate user- and session-derived information over time. Even if each summary is short, centralized indexing makes discovery, correlation, and unintended reuse of sensitive information easier.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal