Nova Self-Improver

Security checks across malware telemetry and agentic risk

Overview

This skill is instruction-only and purpose-aligned, but it asks agents to keep long-term memory, learn user preferences, create skills, and run recurring maintenance without clear user controls.

Install only if you intentionally want an agent to maintain long-lived memory and modify workspace files over time. Before using it: restrict the paths the agent is allowed to write to; disable cron jobs and auto-generated skills, or require approval for each one; review what gets stored in USER.md and the memory logs; and decide in advance how sensitive entries will be deleted or redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Severity: Medium, confidence 95%
Finding
The skill explicitly instructs unattended cron-triggered agent turns that review and modify persistent files without a fresh user request. This creates a real autonomy boundary violation: recurring background execution can amplify mistakes, mutate state over time, and perform actions the user did not actively authorize at the time of execution.

Context-Inappropriate Capability

Severity: Medium, confidence 91%
Finding
The auto-creation protocol directs the agent to generate new skills from repeated patterns, effectively allowing the system to expand its own instruction set without human review. Self-modifying capability is dangerous because it can institutionalize flawed behavior, introduce prompt-injection persistence, and increase the blast radius of earlier mistakes.

Missing User Warnings

Severity: Medium, confidence 90%
Finding
The skill promotes autonomous file maintenance and continuous learning but does not clearly warn users that workspace files and persistent memory artifacts will be created or modified. Silent state mutation is a genuine safety issue because it can alter project files, surprise the user, and preserve unintended or sensitive data over time.

Missing User Warnings

Severity: Medium, confidence 94%
Finding
The cron-based maintenance guidance encourages unattended recurring actions that update memory files and audit skills, but it lacks strong warnings or guardrails around continuous execution. In context, this is more dangerous because the skill is specifically designed for self-improvement and persistence, so recurring runs can compound unauthorized changes and data retention.

Vague Triggers

Severity: Medium, confidence 87%
Finding
The trigger phrase at line 12 is broad enough to activate on generic requests that may not specifically require this skill, increasing the chance of unintended invocation. Because this skill enables autonomous self-improvement behavior, accidental activation could introduce unsafe memory, learning, or maintenance workflows into unrelated tasks.

Vague Triggers

Severity: Medium, confidence 84%
Finding
The trigger phrase at line 14 is ambiguous and does not clearly define when the skill should or should not activate. In a self-modifying or self-maintaining agent skill, vague activation criteria are risky because they can cause the agent to enter autonomous improvement workflows without an explicit, informed user request.

Vague Triggers

Severity: Low, confidence 79%
Finding
The manifest’s trigger set lacks clear boundaries, making it easier for this powerful skill to be selected in contexts outside its intended scope. Given that the skill’s description includes continuous learning and autonomous file maintenance, weak activation guardrails increase the chance of overreach, unintended persistence, or unsafe autonomous behavior.

Ssd 3

Severity: Medium, confidence 96%
Finding
The skill instructs the agent to automatically infer and store user preferences, corrections, and feedback patterns across sessions. This is a true persistence/privacy risk because inferred user data may be inaccurate, sensitive, or collected without meaningful consent, and it can influence future behavior in ways the user did not expect.

Ssd 3

Severity: Medium, confidence 92%
Finding
The skill broadly mandates logging task outcomes, failures, and session context into persistent files after significant tasks. Persistent operational logging is risky when unconstrained because it can capture secrets, proprietary data, or sensitive interaction details and make them durable beyond the current session.
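Two of the operator controls the Overview asks for (strict writable paths, and a review of what USER.md and the memory logs retain) are also the practical mitigation for this finding and the previous one. The helpers below are an added example written for this page; they are not code from the Nova Self-Improver skill, from SkillSpector, or from any agent runtime. The allowed roots, file names, secret patterns and the sample memory log are assumptions for illustration, since the skill page does not specify any of them.

```python
"""Added example: two of the operator controls recommended in the Overview,
written as standalone helpers (not code from the Nova Self-Improver skill or
from SkillSpector).

1. Writable-path allowlisting: a proposed write target must resolve, after
   following symlinks and collapsing '..', strictly inside an allowed root.
2. Memory-log review: before an entry is persisted to USER.md or a memory log,
   common secret shapes are redacted, and the review records what was removed
   without re-storing the secret itself.

The allowed roots, file names, secret patterns and sample log below are all
assumptions for illustration; the skill page does not specify them.
"""
import re
from pathlib import Path

# Hypothetical allowlist: the only directories the agent may write to.
ALLOWED_WRITE_ROOTS = ("/workspace/memory", "/workspace/skills")

# Hypothetical patterns for secrets that commonly leak into operational logs.
# Entries are (name, regex, keep_prefix). When keep_prefix is True the regex
# has a capture group 1 (the label) that is kept so the entry stays readable.
# The multi-line private-key pattern is last so the earlier, single-line
# redactions cannot shift the line numbers reported for later hits.
SECRET_PATTERNS = (
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), False),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"), False),
    ("bearer_token",
     re.compile(r"(?i)\b(authorization:\s*bearer\s+)[A-Za-z0-9._\-]+"), True),
    ("assignment",
     re.compile(r"(?i)\b((?:api[_-]?key|secret|password|token)\s*[=:]\s*)"
                r"(['\"]?)[^\s'\"]{8,}\2"), True),
    ("private_key",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?"
                r"-----END [A-Z ]*PRIVATE KEY-----", re.S), False),
)


def is_within_allowed_roots(target, roots=ALLOWED_WRITE_ROOTS):
    """Return True only if `target` resolves to a path strictly inside a root.

    Path.resolve() follows symlinks and collapses '..', so
    /workspace/memory/../.ssh/id_ed25519 is rejected, as is a symlink placed
    in the memory directory that points outside it. The root itself is a
    directory, not a file the agent may overwrite, so it is rejected too.
    """
    resolved = Path(target).resolve()
    return any(Path(root).resolve() in resolved.parents for root in roots)


def redact_secrets(text):
    """Return (redacted_text, hits); hits are (pattern_name, line_number)."""
    hits = []
    for name, pattern, keep_prefix in SECRET_PATTERNS:
        for m in pattern.finditer(text):
            hits.append((name, text.count("\n", 0, m.start()) + 1))
        text = pattern.sub(
            lambda m: (m.group(1) if keep_prefix else "") + "[REDACTED:%s]" % name,
            text)
    return text, hits


def review_memory_write(target, content, roots=ALLOWED_WRITE_ROOTS):
    """Gate a persistent write: refuse paths outside the allowlist and
    redact secrets from anything that is allowed through.

    Returns a dict with 'allowed', the 'content' that may be written (None
    if refused) and the redaction 'hits' to log for the operator's review.
    """
    if not is_within_allowed_roots(target, roots):
        return {"allowed": False, "content": None, "hits": []}
    clean, hits = redact_secrets(content)
    return {"allowed": True, "content": clean, "hits": hits}


# Constructed sample of what a self-improvement skill might append to a memory
# log after a session. The credential values are constructed, non-functional
# strings; the AWS key is the one used in AWS documentation examples.
SAMPLE_MEMORY_LOG = """\
# memory/2024-05-01.md (constructed sample, not real data)
- Task: rotated deploy credentials for staging
- User corrected me: prefer tabs over spaces in Makefiles
- Ran: export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
- Pasted config: api_key = "sk_live_51HexampleExampleExample"
- curl header used: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc123
"""

if __name__ == "__main__":
    for path in ("/workspace/memory/2024-05-01.md",
                 "/workspace/memory/../.ssh/id_ed25519",
                 "/etc/cron.d/nova-maintenance"):
        result = review_memory_write(path, SAMPLE_MEMORY_LOG)
        print(path, "->", "allowed" if result["allowed"] else "REFUSED")
        if result["allowed"]:
            print(result["content"])
            print("redactions:", result["hits"])
```

The path check deliberately compares resolved paths rather than string prefixes: a prefix test on `/workspace/memory` would accept `/workspace/memory-archive/..` and `/workspace/memory/../.ssh/id_ed25519`. The redaction step keeps the user's genuine preference ("prefer tabs over spaces") while dropping the credential values that happened to be in the same session, which is the distinction the finding above is asking the operator to enforce.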

VirusTotal

66/66 vendors reported this skill as clean.