ClawHub

Recursive Self Improvement

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about recursive self-improvement, but it gives an agent broad code-changing and optimization authority without clear approval, rollback, or stopping limits.

Install only if you intentionally want an agent to help repair or optimize a clearly scoped project. Use a sandbox or dedicated branch, require explicit approval before edits and repeated cycles, cap concurrency and recursion, and keep version-control rollback available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly describes autonomous error fixing, refactoring, optimization, concurrent execution, and recovery behaviors, but it does not warn users that it may modify code or system behavior without strong human review gates. In a self-improving skill, this omission is dangerous because users may invoke it on real systems without understanding that changes, retries, and parallel actions can affect production data, stability, or integrity.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The optimization trigger includes vague criteria such as '运行超过 N 轮' and '可进一步演进' without concrete thresholds or guardrails. In a recursive self-improvement skill, ambiguous activation conditions can cause unintended optimization cycles, unsafe autonomous changes, or repeated self-modification beyond operator intent, increasing the chance of instability or harmful changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal