ClawHub

Self-Evolving

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill is coherent with its stated purpose of improving repeated workflows through local notes, with no scripts, network calls, credential access, or hidden execution.

Install this if you want the agent to keep concise local notes about repeated workflows and improvement experiments. Review ~/self-evolving/ periodically, avoid saving secrets or sensitive personal/business details there, and tell the agent to pause or opt out if you do not want ongoing memory updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The template explicitly instructs the agent to create and continually update a persistent file under the user's home directory, which is a local data modification action. Even though the content appears operational rather than overtly malicious, it lacks any user-consent, disclosure, or safety constraints around when filesystem writes are permitted, which can lead to unauthorized persistence, privacy issues, or unintended state changes.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation guidance is intentionally broad and asks the agent to infer when to activate from repeated workflows, friction, or optimization topics within the first few exchanges. Without hard boundaries, the skill may engage in contexts the user did not clearly authorize, increasing the chance of unexpected behavior changes or unsolicited collection of preferences tied to ongoing work.

Ssd 3

Medium
Confidence
93% confidence
Finding
The skill explicitly directs the agent to persist user-derived information into memory files and archives for future reuse, but it does not limit what kinds of data may be stored or exclude sensitive content. In practice, this can lead to retention of confidential preferences, workflow details, mistakes, or other personal/business information beyond the immediate conversation need.

Ssd 3

Medium
Confidence
78% confidence
Finding
Telling the agent to keep learning through normal use and reflect understanding after each answer creates pressure to continuously extract and accumulate user-derived signals over time. Even without explicit logging language, this encourages implicit profiling and retention creep, especially when paired with the earlier instructions to maintain local notes and experiment history.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal