REFINE: The Self-Evolving Agent

Security checks across malware telemetry and agentic risk

Overview

This local diagnostics skill mostly matches its stated purpose, but it overstates its privacy protections: it saves user-provided feedback, error messages, and context to disk, and the only filtering applied before writing is by key name and type/length, not by the content of the values.

Review before installing if you handle sensitive prompts, credentials, personal data, or private customer logs. Use only short non-sensitive labels and metadata, avoid passing raw prompts or full error text, periodically inspect or delete refine_memory.json, and review any generated System Prompt Patch before applying it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The sanitizer blocks sensitive content based primarily on key names and type/length checks, but it does not inspect values for secrets, prompts, PII, or stack-trace-like content when those values appear under innocuous keys. Because this skill is explicitly designed for session diagnostics and persistent memory, callers are likely to pass rich context and error text, making the mismatch between documentation and actual behavior a real confidentiality risk.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The module-level documentation states that raw prompts, credentials, and PII are not written, but the implementation can still persist such material if it is supplied as a value under an unblocked key name such as 'note', 'details', or 'message'. In a logging and memory skill, this creates a realistic risk of sensitive data retention on disk while misleading operators into believing storage is safe.
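Both findings describe the same gap: a sanitizer that decides what to persist from the key name and the value's type and length, never from what the value contains. The following is an added illustration written for this page, not the skill's own sanitizer, and the key list, regexes, and stack-trace markers are assumed heuristics rather than anything the scanner reported. It puts the key-name-only filter beside a version that inspects values, and adds a small audit routine that can be run over an existing refine_memory.json to find material that should not have been written.

```python
import json
import re
from typing import Optional

# Added illustration, not the skill's own code. Models the weakness in the two
# findings: a sanitizer that filters on key names and type/length, beside one
# that also inspects values. Key list and patterns are assumed heuristics.

BLOCKED_KEYS = {"password", "passwd", "token", "api_key", "secret", "prompt",
                "authorization", "cookie"}
MAX_LEN = 200

# Value-level detectors: (label, regex). Extend for the secret formats you use.
SECRET_PATTERNS = [
    ("openai_key", re.compile(r"\bsk-[A-Za-z0-9_-]{16,}")),
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._-]{16,}")),
    ("pem_private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
]
STACKTRACE_MARKERS = ("Traceback (most recent call last)", '  File "', "\n    at ")


def naive_sanitize(entry: dict) -> dict:
    """Key-name plus type/length checks only: the behaviour the findings describe."""
    out = {}
    for key, value in entry.items():
        if key.lower() in BLOCKED_KEYS:
            continue
        if isinstance(value, (bool, int, float)):
            out[key] = value
        elif isinstance(value, str) and len(value) <= MAX_LEN:
            out[key] = value          # content is never examined
    return out


def classify_value(value: str) -> Optional[str]:
    """Return a label for why a string value must not be persisted, or None."""
    for label, pattern in SECRET_PATTERNS:
        if pattern.search(value):
            return label
    if any(marker in value for marker in STACKTRACE_MARKERS):
        return "stack_trace"
    if "\n" in value or len(value) > MAX_LEN:
        return "freeform_text"        # multi-line or long text is likely raw prompt/error output
    return None


def hardened_sanitize(entry: dict) -> dict:
    """Same key rules, but every string value is inspected before it is kept."""
    out = {}
    for key, value in entry.items():
        if key.lower() in BLOCKED_KEYS:
            continue
        if isinstance(value, (bool, int, float)):
            out[key] = value
        elif isinstance(value, str):
            reason = classify_value(value)
            out[key] = f"<redacted:{reason}>" if reason else value
        # nested dicts/lists are dropped; callers should flatten to short labels
    return out


def audit_memory(json_text: str) -> list:
    """Scan an existing memory file (e.g. the contents of refine_memory.json) for
    values that should not have been written. Returns (index, key, reason) tuples."""
    records = json.loads(json_text)
    if isinstance(records, dict):
        records = [records]
    hits = []
    for i, rec in enumerate(records):
        for key, value in rec.items():
            if isinstance(value, str):
                reason = classify_value(value)
                if reason:
                    hits.append((i, key, reason))
    return hits


# Constructed sample: what a caller might pass to a diagnostics/memory skill.
SAMPLE_ENTRY = {
    "label": "build failed",
    "api_key": "sk-should-be-blocked-by-name-0123456789",
    "note": "retry with key sk-LEAKEDviaNoteField0123456789 and ping ops@example.com",
    "details": 'Traceback (most recent call last):\n  File "app.py", line 3\nKeyError: x',
    "attempts": 3,
}

if __name__ == "__main__":
    print(json.dumps(naive_sanitize(SAMPLE_ENTRY), indent=2))
    print(json.dumps(hardened_sanitize(SAMPLE_ENTRY), indent=2))
    print(audit_memory(json.dumps([naive_sanitize(SAMPLE_ENTRY)])))
```

Running the block shows the divergence the findings describe: `naive_sanitize` drops `api_key` but writes the same key, an e-mail address, and a full traceback to disk under `note` and `details`, while `hardened_sanitize` redacts those values and keeps only the short label and the counter. `audit_memory` is the check a practitioner can run on an existing memory file before deciding whether to delete it.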

VirusTotal

64/64 vendors flagged this skill as clean.
