
Security audit

How To Use Agent

Security checks across malware telemetry and agentic risk

Overview

This is a safety-oriented self-improvement playbook for agents, with broad but disclosed authority and explicit approval steps before modifying agent-owned data.

Install this only if you want an agent to help plan and document changes to its own instructions, memory, skills, or runtime behavior. Before approving any proposed change, check the exact files, reason, risk, and rollback plan, especially for prompts, permission policies, memory stores, and self-update logic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Self-Modification

Severity: High
Category: Rogue Agent
Content:
- system prompts, tool schemas, permission policies, connector policies
- skill files, skill indexes, skill manifests, memory registries
- durable memory files, knowledge bases, wiki indexes, recall databases
- startup, restart, routing, planner, delegation, or self-update logic

When approval is needed, show:
Confidence: 85%
Finding: self-update

VirusTotal

63/63 vendors flagged this skill as clean.
