ClawHub

Self-Improving + Proactive Agent

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherent and disclosed, but it intentionally creates persistent local memory and workspace steering that can affect future agent behavior.

Install this only if you want the agent to keep local cross-session learning about your preferences and corrections. Review the AGENTS.md, SOUL.md, HEARTBEAT.md, and ~/self-improving/ changes, keep sensitive data out of memory, and approve the optional Proactivity install only after reviewing that skill separately.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI06: Memory and Context Poisoning
Low
What this means

The agent may remember and apply your preferences, corrections, and project patterns in later tasks.

Why it was flagged

The skill intentionally loads persistent learned memory into future sessions, so incorrect, overly broad, or sensitive entries could influence later agent behavior.

Skill content
### On Session Start
1. Load memory.md (HOT tier)
2. Check index.md for context hints
3. If project detected  preload relevant namespace
Recommendation

Use the audit and forget commands, avoid storing secrets or sensitive personal data, and periodically review ~/self-improving/ for entries you do not want retained.

#
ASI10: Rogue Agents
Low
What this means

The skill can continue influencing future sessions through workspace heartbeat and memory files.

Why it was flagged

The setup can add recurring heartbeat steering that keeps the memory system maintained after initial setup.

Skill content
Add this section to your `HEARTBEAT.md` ... Use `~/self-improving/heartbeat-state.md` for last-run markers and action notes
Recommendation

Only add the HEARTBEAT/AGENTS/SOUL steering if you want persistent self-improvement behavior, and remove those snippets if you later disable the skill.

#
ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Approving the companion install adds another skill with its own instructions and risks.

Why it was flagged

The skill may install a separate Proactivity skill that is outside the artifacts reviewed here, although it requires explicit user approval.

Skill content
Only install it after the user explicitly agrees.

If the user agrees:

1. Run `clawhub install proactivity`
Recommendation

Review the Proactivity skill separately before agreeing to install or activate it.