Self-Direction

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill is not malicious, but it persistently builds a broad personal decision profile and can reuse or share it with sub-agents without strong consent or retention controls.

Install only if you want an agent to maintain a persistent local profile of how you think and decide. Review ~/self-direction/ regularly, avoid storing secrets or sensitive health, financial, legal, or personal details, set your own retention and deletion rules, and require explicit approval before inferred preferences are used for important actions or shared with sub-agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The skill's activation criteria are extremely broad and cover ordinary decision-making situations, which can cause it to engage by default in many unrelated workflows. In context, that matters because the skill is designed to learn, persist, and reuse a user's behavioral profile, so over-broad triggering increases the amount of sensitive preference data collected and the scope of autonomous action.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The skill explicitly instructs the agent to capture a 'complete direction system' over time and store it under ~/self-direction/, including values, goals, boundaries, evidence, and conflicts, but it provides no meaningful privacy notice, retention limit, access control guidance, or consent workflow. This creates a significant privacy and profiling risk because highly sensitive behavioral data may be collected and retained indefinitely without the user's informed approval.

Missing User Warnings

Severity: Low
Confidence: 94%
Finding: The template explicitly directs the agent to create persistent files under `~/self-direction/`, which causes long-lived local storage of behavioral and preference data. Even though writing files is not inherently malicious, doing so without any consent, retention, or privacy warning creates a real security and privacy risk because sensitive user-model data may persist beyond the task and be accessible to other local users, tools, backups, or future sessions.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The evidence log and related templates are designed to capture raw observations, reactions, corrections, goals, values, boundaries, and inferred decision criteria about the user. This is sensitive profiling data, and storing it without privacy safeguards, purpose limitation, consent, or access controls materially increases the risk of surveillance, misuse, and unauthorized disclosure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill explicitly directs the agent to create persistent files containing a model of the user's preferences, reasoning, boundaries, and behavior, but does not require informed consent, disclosure, minimization, or retention limits. This creates a privacy and profiling risk because sensitive behavioral data may be stored on disk indefinitely and later accessed, reused, or transmitted beyond the user's expectations.

Ssd 3

Severity: Medium
Confidence: 95%
Finding: The skill directs the system to persist behavioral observations across interactions and to propagate derived 'direction' to sub-agents, which is an onward-sharing and long-term retention pattern. Even if framed as alignment, this increases the chance that sensitive preferences, boundaries, or inferred traits are reused in contexts the user did not specifically authorize.

Ssd 4

Severity: Medium
Confidence: 89%
Finding: The phased design explicitly moves from observing and modeling the user to predicting preferences, acting autonomously, and transmitting direction to sub-agents, which amounts to a gradual expansion of authority. This is dangerous because the accumulated profile can be used to justify increasingly independent actions without fresh consent, creating a natural permission-escalation pathway disguised as personalization.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The skill instructs the agent to continuously infer, record, and retain the user's decision patterns, priorities, reactions, corrections, and reasoning across interactions, then use and transmit that profile to sub-agents. In context, this is more dangerous because the stated goal is to predict preferences before the user states them and act on the user's behalf, which amplifies privacy, autonomy, and misuse risks if the profile is inaccurate, over-collected, or exposed.

VirusTotal

66/66 vendors flagged this skill as clean.