Eternal Adaptive Brain

Security checks across malware telemetry and agentic risk

Overview

This skill is a persistent self-improvement system that can automatically write to agent guidance and memory files, with under-disclosed scope and weak rollback semantics.

Review before installing. This skill is meant to make an agent remember lessons and evolve its behavior, but it can persist operational details and change files that shape future agent instructions. Only use it in a workspace where you are comfortable with durable self-modification, and inspect or back up the affected memory/instruction files before running write-capable commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

High
Confidence: 98%
Finding
The rollback command claims to restore a previous evolution state, but it only truncates the evolution history log and leaves all prior side effects intact, including DNA changes, learning status updates, and workspace file modifications. This creates a dangerous false sense of recovery: operators may believe unsafe or incorrect mutations were reverted when persistent state and modified guidance files remain active.

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The evolution workflow is described as generating patches, which implies reviewable, non-applied changes, but the implementation directly writes learned rules into workspace control documents. In an agent context, these files likely influence future behavior, so direct mutation of policy/instruction files can silently alter agent actions without audit or approval.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list is overly broad and includes generic phrases like 'improve yourself' and 'learn from mistakes', which can cause the skill to activate in unrelated contexts. Because this skill can adapt behavior and modify persistent state, accidental invocation increases the chance of unintended self-modification or workspace changes.

Missing User Warnings

High
Confidence: 97%
Finding
The skill explicitly states it reads and writes workspace files such as SOUL.md, TOOLS.md, AGENTS.md, and MEMORY.md, and elsewhere it can generate SKILL.md patches, but it does not present a clear upfront warning or consent boundary. This is dangerous because users may invoke what sounds like a logging/learning feature without realizing it can persist changes and alter agent behavior across sessions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code appends content to workspace markdown files automatically, with no user confirmation, preview, or approval gate. Because these files appear to shape agent memory, tools, and behavior, unreviewed writes can cause prompt/policy poisoning, persistence of bad rules, or unintended privilege expansion in later runs.

Missing User Warnings

Medium
Confidence: 81%
Finding
The skill persists summaries, context, fixes, commands, and prediction-related task data under the user's home directory without meaningful disclosure, minimization, or retention controls. In practice this can capture sensitive operational details, file names, errors, or user-provided content and keep them indefinitely, creating privacy and local data exposure risks.

VirusTotal

59/59 vendors flagged this skill as clean.
