Security audit

ksdsl-skilll

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it asks agents to store and promote conversation-derived learnings into persistent memory and instruction files that can affect future sessions.

Install only if you want durable learning logs and future-session memory. Before use, decide which files it may modify, require user approval before promoting anything into agent instruction files, avoid recording secrets or private transcript details, and inspect any external repo files or hooks before enabling them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Ssd 3

Medium
Confidence
96% confidence
Finding
This section explicitly promotes inter-session sharing via transcript/history tools and durable workspace files, creating a real risk that sensitive user content, secrets, proprietary code, or personal data will be retained and propagated beyond the original context. Because the skill encourages systematic persistence and sharing of learnings across sessions, accidental data leakage becomes more likely and more durable.

Ssd 3

Medium
Confidence
98% confidence
Finding
The templates instruct the agent to record 'full context,' inputs, parameters, and user context in persistent markdown files, which directly increases the chance of storing secrets, personal data, confidential prompts, or sensitive operational details. In a self-improvement skill, this is especially risky because the data is intentionally made durable for future reuse rather than kept ephemeral.

Session Persistence

Medium
Category
Rogue Agent
Content
└── FEATURE_REQUESTS.md
```

### Create Learning Files

```bash
mkdir -p ~/.openclaw/workspace/.learnings
```
Confidence
89% confidence
Finding
Create Learning Files ```bash mkdir -p ~/.openclaw

VirusTotal

65/65 vendors flagged this skill as clean.