Self Assessment

Security checks across malware telemetry and agentic risk

Overview

This skill is a task self-assessment guide, but it also tells agents to install new skills and rewrite persistent identity information without clear user approval.

Install only if you are comfortable with an agent reading its local identity and memory context, modifying its own profile, and potentially adding more skills later. A safer version would keep the self-assessment output but require explicit user approval before any skill installation or IDENTITY.md change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill’s stated purpose is pre-task self-assessment, but it also instructs the agent to perform post-task profile maintenance and modify persistent state. That scope expansion is dangerous because it normalizes unrelated side effects, increasing the chance that a task-gating skill becomes a vehicle for unauthorized self-modification or persistence changes.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Automatically searching for and installing new skills during self-assessment is a high-risk capability expansion unrelated to merely deciding whether to accept a task. This can lead to untrusted code or prompt content being introduced into the agent’s workspace before the task is even accepted, creating a supply-chain and privilege-escalation path.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Directing the agent to update IDENTITY.md after every task exceeds the skill’s declared purpose and causes persistent self-modification. Persistent profile changes can be abused to bias future task acceptance decisions, poison memory/identity context, or smuggle attacker-influenced instructions into later runs.

VirusTotal

66/66 vendors flagged this skill as clean.
