Self-Evolution Cognition

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a memory/cognition aid, but it broadly persists reasoning, feedback, and intermediate state in files without clear retention or deletion controls.

Use this only in workspaces where persistent local memory files are acceptable. Avoid giving it secrets, credentials, customer data, or sensitive incident details unless you have reviewed where the files are written and how to delete or rotate them. The evidence does not show malicious behavior, but the persistence model deserves careful review before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium (95% confidence)
Finding:
The README explicitly states that all thought processes are written to files for cross-session memory, but it does not warn users that sensitive prompts, analysis content, or internal reasoning may persist on disk. In an agent skill, this creates a real data retention and disclosure risk because users may unknowingly provide confidential material that is then stored in plaintext or long-lived logs.

Missing User Warnings

Medium (94% confidence)
Finding:
The documented feedback injection feature encourages users to provide production observations and bug details, but it does not warn that this feedback may become part of persistent memory. That is dangerous because human feedback often contains incident details, proprietary context, or operational secrets that could be retained and later exposed.

Missing User Warnings

Medium (95% confidence)
Finding:
The skill explicitly states that all intermediate state is written to persistent files, but the documentation provides no warning, consent model, retention policy, or guidance on handling sensitive data. In an agent framework, intermediate reasoning often contains prompts, user data, secrets, or derived sensitive context, so silent persistence can create privacy leaks, unintended data retention, and forensic exposure on disk.

Ssd 3

Medium (96% confidence)
Finding:
The skill promotes persisting reasoning and memory across sessions, which naturally captures free-form analytical content that may include secrets, proprietary code details, credentials, incident context, or regulated data. In this skill's context, the danger is elevated because it is explicitly designed to log cognition and evolve from prior interactions, increasing both retention scope and the chance of sensitive data accumulation.

Ssd 3

Medium (96% confidence)
Finding:
The documented 'file is memory' model and automatic writing to VERIFICATION_LOG.md imply continuous retention of detailed reasoning artifacts. Because this is an agent cognition framework rather than a narrowly scoped logging utility, users may feed it broad and sensitive task content, making silent logging more dangerous and more likely to create privacy, confidentiality, and data governance issues.

VirusTotal

66/66 vendors flagged this skill as clean.
