ClawHub

yan-learning-engine

Security checks across malware telemetry and agentic risk

Overview

This skill is openly designed to run on a schedule and perform publishing, PRs, posts, and local agent-file changes without asking first.

Install only if you intentionally want an hourly autonomous agent, and first rewrite it so publishing, PRs/issues, public comments, sharing, persistent memory/config edits, and workspace cleanup require explicit approval. Use draft-only defaults, narrow account permissions, logging, and a clear way to disable the cron job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
This section explicitly instructs the agent to stop asking for confirmation and to execute first, then report afterward. That weakens approval boundaries and can cause unauthorized publishing, code changes, or external actions that a cautious agent should only perform with explicit user consent.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The checklist operationalizes the unsafe policy by directing immediate publication, repository updates, PR creation, bug fixes, and community interaction without approval. In an agent skill, this creates a concrete path to unreviewed external actions and broadens the chance of accidental or policy-violating changes.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill explicitly instructs the agent to act and publish autonomously without requiring user approval or bounded scope. That creates a real risk of unauthorized external actions such as repository changes, submissions, or public postings, which can affect external systems and data beyond a local learning-tracker purpose.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation says to execute plans immediately and to avoid waiting, asking, or checking state. Those instructions undermine normal safety controls and can cause the agent to perform risky actions in the wrong context, including changes to files, services, or third-party platforms without validation.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The action list includes GitHub, community posting, issue filing, and other external operations that are not narrowly justified or safety-bounded. Even if framed as productivity, these actions can lead to spam, unauthorized submissions, disclosure of internal information, or reputation damage when triggered automatically.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The value proposition and execution standard normalize 'complete then immediately publish/submit/share' as a default rule. This is dangerous because it turns the skill into an autonomy amplifier for high-impact external actions without ensuring correctness, authorization, or user consent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file normalizes immediate execution of impactful operations such as publishing, updating repositories, fixing bugs, and submitting PRs without warning or confirmation. This is dangerous because those actions can have irreversible external effects, leak incomplete work, or violate change-control expectations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The markdown encourages autonomous publishing/submission behavior but does not warn the user that these actions affect external systems or public data. Missing warnings materially increase the chance of unsafe use because users may not realize the skill can create public or irreversible side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes scheduled autonomous file updates, planning, and system changes without adequate disclosure of what files are modified, how often, or what safeguards exist. This can lead to unnoticed persistence, configuration drift, or unintended modification of user data over time.

Ssd 1

High
Confidence
98% confidence
Finding
The directive reframes bypassing confirmation as the 'correct' behavior, directly undermining normal approval and oversight boundaries. This is dangerous because it conditions the agent to treat autonomous action as preferable even when the action is externally visible, destructive, or not explicitly authorized.

Ssd 4

Medium
Confidence
90% confidence
Finding
The document uses identity and motivational framing to create a behavioral norm of unconditional autonomy, culminating in 'directly do it' as a core principle. Even without explicit exploit code, this kind of instruction can systematically bias an agent away from caution, making other unsafe directives more likely to be followed.

Ssd 1

High
Confidence
99% confidence
Finding
These repeated directives explicitly tell the agent to bypass normal approval and confirmation behavior and act autonomously. In skill context, that is especially dangerous because the same document also discusses publishing and contributing externally, so the bypass language directly increases the likelihood of unauthorized high-impact actions.

Ssd 4

High
Confidence
97% confidence
Finding
The document presents a self-planning, self-execution, self-check, and repeat loop that normalizes continuous autonomous operation. This is risky because it creates a persistent behavioral pattern that can repeatedly perform unsafe actions, magnifying harm beyond a single mistaken command.

Ssd 1

High
Confidence
99% confidence
Finding
The manifesto language is a direct 'act first, report later' instruction, which is a classic unsafe autonomy pattern. Because it is framed as a governing principle, it can override safer defaults and encourage the agent to commit, publish, or modify resources before anyone can review the changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal