SELF LEARNING SKILL V2

Security checks across malware telemetry and agentic risk

Overview

This Markdown-only self-learning skill needs review because it encourages automatic, persistent learning and credential-related handling without clear consent or privacy limits.

Install only if you want an agent to keep ongoing learning and error records. Require explicit confirmation before any external research, scheduled review, repository clone, login/session use, token lookup, browser automation, or persistent note update. Do not allow it to store secrets, private prompts, credentials, or sensitive project details in logs.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers
Medium, 91% confidence

Finding: The skill defines very broad auto-learning triggers such as encountering technical difficulty, user dissatisfaction, knowledge gaps, or project needs. These conditions overlap with normal assistant interactions and can cause the skill to activate unexpectedly, steering behavior without an explicit user opt-in and potentially changing task priorities during ordinary conversations.

Vague Triggers
Medium, 95% confidence

Finding: The control phrases are short, everyday expressions like '继续学习', '换个方向', and '我来看', which are likely to appear in regular conversation without intending to control this skill. This creates command-confusion risk where benign user dialogue may unintentionally pause, resume, or redirect the agent's behavior.

Vague Triggers
Medium, 91% confidence

Finding: The README states the skill is built-in and executes automatically, but it does not define when activation starts, what scopes are allowed, or which actions require explicit user consent. In an agent skill context, ambiguous auto-execution can cause unintended background behavior, including unsolicited data access or task execution, especially because the skill is framed as proactive and self-directed.

Vague Triggers
Medium, 88% confidence

Finding: The control phrases are common conversational language such as '我来看' and '学这个', which can easily appear in unrelated dialogue and accidentally trigger state changes or autonomous behavior. Broad natural-language triggers increase the risk of prompt collision, unintended activation, and user confusion about what the skill is doing.

Missing User Warnings
Medium, 93% confidence

Finding: The README promotes proactive, multi-source, automatic learning behavior without clearly warning users about privacy implications, external access, persistence, or operational side effects. In an agent environment, 'proactive learning' can imply autonomous browsing, collecting user/project data, and storing derived knowledge, which materially expands the attack and privacy surface.

VirusTotal

65/65 vendors flagged this skill as clean.