ClawHub

Self Improving Life

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent life-tracking and self-assessment aid, with the main caution that it records sensitive personal wellbeing, relationship, work, and finance information in local files.

This appears safe for its intended purpose, but treat it like a private journal: review what personal details you store, keep the generated files protected, and check any automatically installed dependency before use.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI06: Memory and Context Poisoning
Medium
What this means

Private life details may remain in the agent workspace or local files and could be referenced later if the user or agent reuses those logs.

Why it was flagged

The skill explicitly creates persistent local records about personal wellbeing, mood, relationships, work, and finances.

Skill content
Append to `.learnings/life/MONTHLY_ASSESSMENTS.md` ... Daily mood tracking ... Log energy, mood, satisfaction scores
Recommendation

Only record details you are comfortable storing, avoid unnecessary sensitive specifics, and periodically review or delete the .learnings/life files if you no longer need them.

#
ASI05: Unexpected Code Execution
Low
What this means

If run, it will create a personal assessment file in the current directory, but the script shown does not use network access, credentials, or destructive commands.

Why it was flagged

The included helper is a shell script that interactively collects assessment answers and writes a local markdown report.

Skill content
#!/bin/bash ... read -p "  整体满意度: " health_score ... cat > "life-assessment-$timestamp.md"
Recommendation

Run the helper only intentionally and from a directory where you are comfortable storing the generated personal report.

#
ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the skill may involve another component whose behavior is not shown in these artifacts.

Why it was flagged

The metadata declares an additional dependency that is not included in the provided file contents for review.

Skill content
"dependencies": ["self-improving-agent"], "partOfSuite": "self-improving-suite"
Recommendation

Review the dependent self-improving-agent component before installation if your platform installs dependencies automatically.