Self-Learning Skill

Security checks across malware telemetry and agentic risk

Overview

This instruction-only self-learning skill is not malware, but it gives an agent broad automatic learning, logging, credential-search, and website-automation habits without tight user-controlled boundaries.

Install only if you want an agent to keep self-review notes and learning records. Set boundaries first: no credential or cookie searches, no external account actions, no broad website automation, and no persistent logging of private project details unless you explicitly approve the specific task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 92%
Finding: The trigger condition '用户不满意当前品质' ("the user is dissatisfied with the current quality") is broad and subjective, so ordinary dissatisfaction can automatically activate a new learning workflow without clear user consent or scope limits. In an agent skill, this can cause unintended behavior changes, extra resource use, or self-directed task drift in response to vague feedback.

Vague Triggers

Medium
Confidence: 90%
Finding: The condition '意识到不懂某领域' ("realizing I do not understand some domain") is internally determined and lacks objective constraints, meaning the skill can self-trigger based on ambiguous self-assessment. This creates a path for uncontrolled expansion of behavior, where the agent may initiate learning or workflow changes without a clear external authorization boundary.

Vague Triggers

Medium
Confidence: 93%
Finding: The README states the skill is 'built-in' and 'automatically executes' without clearly defining scope, consent, or activation conditions. For an agent skill, broad auto-activation can cause the skill to run outside the user's intent, affecting unrelated tasks and creating opportunities for prompt-injection-like behavior or unauthorized autonomous actions.

Vague Triggers

Medium
Confidence: 95%
Finding: The listed control phrases are short, generic conversational expressions such as '继续学习' ("continue learning"), '换个方向' ("change direction"), and '我来看' ("let me take a look"), which may appear in normal dialogue unrelated to skill control. Overly broad trigger phrases increase the risk of accidental activation, mode switching, or interruption of agent behavior based on ambiguous user text.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding: The skill is written entirely in Chinese and does not provide a language-selection mechanism or document a legitimate requirement for Chinese-only operation. This can cause users or downstream agents to misunderstand instructions, miss constraints, or incorrectly execute tasks, which is a genuine safety and usability risk in a general-purpose skill.

VirusTotal

64/64 vendors flagged this skill as clean.