Self Learning

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a self-learning workflow aid, but it gives broad automatic and persistent behavior instructions that users should review before installing.

Install only if you want an agent-wide self-learning assistant and are comfortable with automatic reflection behavior. Before using it on sensitive projects, confirm how to disable it, when it activates, whether it writes or remembers project context, and prefer explicit commands over casual control phrases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The auto-learning triggers are defined in broad natural-language terms like '遇到技术难题', '用户提出更高要求', and '发现知识盲区', which are common situations in ordinary operation. That makes the skill likely to activate learning behavior without a clear, bounded user opt-in, increasing the chance of unintended mode shifts, unnecessary external lookup behavior, or persistence of user/project context under normal conversation.

Vague Triggers

Severity: Medium
Confidence: 97%
Finding
The control phrases include short, vague expressions such as '继续学习', '换个方向', '太快了', '太慢了', and especially '我来看' and '没用上', which can plausibly appear in unrelated conversation. This creates a command-injection-by-ambiguity risk where ordinary user language could unintentionally pause, resume, or redirect the skill's behavior.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The README states the skill is 'built-in' and 'automatically executes' without clearly scoping when, why, or under what consent boundary activation occurs. For an agent skill, broad auto-activation can cause unsolicited behavior, unexpected background actions, or policy bypass if the agent applies the skill in contexts the user did not intend.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding
The control phrases are short, generic everyday expressions such as '继续学习', '换个方向', and '我来看', which are likely to appear in normal conversation unrelated to skill control. This creates a prompt/intent collision risk where ordinary user text could accidentally trigger state changes, autonomous learning behavior, or disclosure of progress data.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The skill explicitly promotes persistent, proactive self-improvement behavior such as acting without waiting for instructions, performing post-task review every time, and daily/weekly iteration. In an agent setting, these broad standing directives can override task scoping, consume resources, and encourage the model to take actions beyond explicit user intent or system-authorized boundaries.

Natural-Language Policy Violations

Severity: Medium
Confidence: 81%
Finding
The skill is written entirely in Chinese and frames its operating procedures, templates, and outputs in Chinese without offering a language-selection mechanism. This can cause instruction mismatch, user confusion, and degraded oversight when deployed in multilingual environments, increasing the chance that harmful or unintended behavior goes unnoticed.

VirusTotal

65/65 vendors flagged this skill as clean.