Self-Improving v2.0 - Jarvis Edition

Security checks across malware telemetry and agentic risk

Overview

This looks like a disclosed memory and reflection skill, not malware, but it asks for broad permanent storage and unattended scheduled processing without enough user control.

Review before installing. Use this only if you intentionally want persistent memory of chats, images, code, decisions, and preferences; verify the missing scripts and cron definitions before running it, inspect or disable scheduled jobs after installation, and make sure you can review and delete saved memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (15)

Missing User Warnings

Severity: High (97% confidence)
The changelog explicitly documents full and permanent saving of conversations, images, decisions, and code without any mention of consent, minimization, retention controls, or privacy notice. In a memory/self-improving skill, this creates a real overcollection and privacy-risk pattern because users may unknowingly have sensitive content retained indefinitely.

Missing User Warnings

Severity: Medium (90% confidence)
The file describes automated cleanup of videos, attachments, and temporary files on a schedule but gives no warning about irreversible deletion, misclassification risk, or operational side effects. Scheduled deletion logic is risky when presented as a default behavior because it can remove user data unexpectedly or interfere with workflows.

Missing User Warnings

Severity: Medium (95% confidence)
The README explicitly promotes permanent retention of all text conversations, images, decisions, and preferences, but does not warn users about privacy, consent, storage scope, or sensitive-data handling. In an agent skill, this can lead to over-collection and long-term exposure of personal, confidential, or regulated data if logs are accessed, synced, or later misused.

Missing User Warnings

Severity: Medium (91% confidence)
The README instructs users to enable automated cron jobs for reflection and cleanup without warning that background tasks will process and modify stored data on a schedule. This is dangerous because users may unknowingly authorize unattended collection, summarization, or deletion activity that affects privacy and data integrity.

Missing User Warnings

Severity: High (98% confidence)
The skill explicitly instructs permanent storage of all text conversations, images, code, important decisions, and user preferences, but provides no consent flow, data minimization rules, sensitivity exclusions, retention controls, or deletion mechanism. This creates a significant privacy and security risk because sensitive user content may be retained indefinitely in workspace files where it could later be exposed, misused, or processed beyond user expectations.

Missing User Warnings

Severity: Medium (93% confidence)
The skill schedules automated reflections and memory organization three times per day, meaning user data may be repeatedly processed and persisted in the background without an explicit warning or runtime confirmation. This is dangerous because background jobs reduce transparency and can cause ongoing collection or secondary processing of personal data that users do not realize is happening.

Ssd 3

Severity: Medium (96% confidence)
These instructions normalize indefinite retention of all conversations and images, which semantically directs continuous collection of potentially sensitive user data far beyond what is necessary. In the context of a memory-management skill, this is especially dangerous because the feature is core behavior and could capture secrets, personal data, credentials in screenshots, or regulated content.

Ssd 3

Severity: Medium (95% confidence)
The permanent-preservation rules are restated as standing operational policy, reinforcing indefinite collection and storage of user communications and images. Repetition in a changelog/feature summary strengthens the likelihood that implementations and operators will treat unlimited retention as intended behavior, increasing privacy exposure and breach impact.

Ssd 3

Severity: Low (83% confidence)
Marketing language such as 'never miss important conversations' and 'permanently save precious memories' encourages indefinite preservation of user communications as a product goal. While less operationally specific than the earlier sections, it still reinforces a privacy-invasive retention model and may bias implementers toward unsafe defaults.

Ssd 3

Severity: Medium (96% confidence)
The documentation normalizes full and permanent retention of conversations and images, which creates an over-collection and data leakage risk even at the design level. In the context of a self-improving agent, retained memory can accumulate credentials, personal data, business secrets, and other sensitive content far beyond what is necessary for operation.

Ssd 3

Severity: Medium (94% confidence)
The examples and stated policy direct indefinite persistence of user preferences, conversation content, code, and memory files, increasing the likelihood that sensitive or proprietary information remains exposed long term. Because this skill is specifically designed to accumulate and reorganize memory, the context makes the over-retention risk more serious, not less.

Ssd 3

Severity: High (97% confidence)
The skill’s headline functionality includes full conversation retention, long-term memory management, and continuous self-improvement, establishing a design pattern of broad, durable user-data accumulation. In context, this is dangerous because it normalizes indefinite storage of potentially sensitive content without any privacy boundaries, making later leakage or misuse much more harmful.

Ssd 3

Severity: High (99% confidence)
The conversation-saving policy plainly states exhaustive and permanent storage of user-provided content, including text, images, code, and extracted decisions. This is a direct privacy and data-security vulnerability because sensitive information, secrets, proprietary code, or intimate personal content could be captured and retained indefinitely in accessible local files.

Ssd 3

Severity: High (98% confidence)
The long-term memory section explicitly preserves user preferences, long-term goals, key relationships/resources, and daily memories over time, all of which are highly profile-building categories of personal data. Persistent aggregation of this information increases the risk of surveillance-like profiling, inference of sensitive traits, and disproportionate harm if the memory files are accessed by unauthorized parties.

Ssd 3

Severity: High (97% confidence)
The best-practice and storage guidance reinforces permanent retention of all text dialogue and continued tracking of user preferences, further embedding unsafe defaults into normal operation. The context makes this more dangerous because these instructions are not incidental; they encourage routine, repeated accumulation of personal data as an intended feature, increasing both exposure surface and duration.

VirusTotal

VirusTotal findings are pending for this skill version.
