Self Improving Agent

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent self-improvement logger, but it asks agents to persist and share learning context across sessions without enough privacy or scope limits.

Install only if you want agents to maintain persistent learning files and potentially update future prompt context. Keep hooks project-local, avoid global empty matchers, do not use cross-session transcript or messaging features without explicit approval, and require redaction so secrets, tokens, personal data, proprietary content, raw transcripts, and raw command output are not stored or promoted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Severity
Medium
Confidence
88%
Finding
The detection triggers rely on very generic phrases from normal conversation, which can cause the skill to log or persist information when the user did not intend to create a record. In a system that writes to persistent files, false-positive activation increases privacy risk and may capture sensitive corrections, requests, or context without meaningful consent.

Vague Triggers

Severity
Medium
Confidence
96%
Finding
The empty matcher causes the hook to run on every prompt, creating broad automatic prompt interception rather than a scoped trigger. In a self-improvement skill, that increases unnecessary data exposure and makes it easy for reminders or captured context to affect unrelated tasks across the session.

Vague Triggers

Severity
Medium
Confidence
93%
Finding
The user-level configuration enables this hook globally across repositories and sessions without meaningful scope boundaries. That broadens the blast radius if the hook is noisy, misconfigured, or later modified, and can cause unintended persistence of behavior across sensitive or unrelated projects.

Missing User Warnings

Severity
Medium
Confidence
89%
Finding
The document explicitly describes reading another session's transcript via `sessions_history` but provides no privacy, authorization, or data-minimization guidance. In a self-improvement skill that promotes persistent learnings and cross-session coordination, this increases the chance that sensitive prompts, outputs, or secrets from other sessions are accessed and reused inappropriately.

Missing User Warnings

Severity
Medium
Confidence
92%
Finding
The `sessions_send` example normalizes transmitting information between sessions without warning that the message may contain secrets, proprietary data, or user content. Because this skill is designed to capture and propagate learnings, it can encourage broad sharing of operational context across sessions, increasing accidental disclosure risk.

Ssd 3

Severity
Medium
Confidence
91%
Finding
The skill instructs the agent to retain user corrections, requests, and detailed context in markdown logs, creating a persistent store of natural-language data that may contain sensitive information. Even if intended for productivity, this expands the data retention surface and can leak private material through local files, repo commits, or later retrieval.

Ssd 3

Severity
High
Confidence
95%
Finding
The cross-session features explicitly encourage reading other session transcripts and forwarding learnings between sessions, which can disclose information beyond the current task's authorization boundary. This creates a real confidentiality risk because prior session content may contain sensitive prompts, credentials, business context, or user data not meant for reuse or sharing.

Ssd 3

Severity
High
Confidence
96%
Finding
The logging templates direct the agent to store full context, inputs, parameters, error output, and user context, all of which commonly include secrets or sensitive operational details. Because these are persistent files, the guidance materially increases the chance of accidental credential capture, PII retention, and later disclosure through sync, backups, or repository commits.

Ssd 3

Severity
High
Confidence
94%
Finding
Promoting learned information into long-term memory and instruction files increases persistence and future exposure of potentially sensitive context across sessions and tasks. This is more dangerous than local transient notes because it turns incidental observations into durable guidance that may be surfaced to unrelated future work or different users.

Session Persistence

Severity
Medium
Confidence
90%
Category
Rogue Agent
Content
### Option 1: Project-Level Configuration

Create `.claude/settings.json` in your project root:

```json
{
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
```

VirusTotal

66/66 vendors flagged this skill as clean.