SELF IMPROVING

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being a self-improvement logger, but it can persistently shape future agent behavior and retain sensitive session details without strong scoping or redaction safeguards.

Install it only if you want persistent agent memory and reminders. Keep logs project-local by default, redact secrets and private conversation details before they are written, review diffs before promoting anything into CLAUDE.md, AGENTS.md, SOUL.md, TOOLS.md, MEMORY.md, or Copilot instructions, and avoid user-level (global) hooks unless you intentionally want the behaviour across all projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium (92% confidence)

Finding
The documented configuration uses an empty matcher for UserPromptSubmit, which causes the hook to fire on every prompt and inject self-improvement content into every session turn. Because hook scripts execute automatically and can influence agent context on all interactions, this broad trigger scope increases exposure to prompt-context manipulation and unnecessary persistence of agent behavior.

Vague Triggers

Medium (90% confidence)

Finding
The guide recommends user-level activation in ~/.claude/settings.json without any trigger-scope constraints, effectively enabling the hook across all projects and sessions. This expands the blast radius of any faulty, overreaching, or compromised hook behavior and creates persistent cross-project influence that is difficult for users to reason about.
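As an added illustration of the two trigger-scope findings above (this is not code from the skill or from SkillSpector): a small audit that reads a Claude Code settings object in the layout the skill documents (`hooks`, then an event name, then entries carrying a `matcher` and a list of `command` hooks) and reports hooks that run on every prompt, hooks installed at user level, and project-level hooks that call a script outside the project tree. The two sample settings objects are constructed for this example and the script paths in them are hypothetical.

```python
"""Audit Claude Code hook settings for overly broad triggers and scope.

Added example for this report; it is not code from the scanned skill or from
SkillSpector. It assumes the settings layout the skill documents on this page:
{"hooks": {"<event>": [{"matcher": "...", "hooks": [{"type": "command",
"command": "..."}]}]}}. The two sample settings at the bottom are constructed
and the script paths in them are hypothetical.
"""
import json
from dataclasses import dataclass
from pathlib import Path

# Events that wrap the conversation itself rather than a single tool call;
# a hook registered here with no matcher runs on every turn.
PER_TURN_EVENTS = {"UserPromptSubmit"}


@dataclass(frozen=True)
class HookFinding:
    event: str
    command: str
    reason: str


def audit_hooks(settings: dict, scope: str) -> list[HookFinding]:
    """Return scope/trigger findings for one settings object.

    scope is 'user' (~/.claude/settings.json) or 'project'
    (<repo>/.claude/settings.json); it is decided by the caller, not read
    from the file, because the file cannot vouch for where it lives.
    """
    findings: list[HookFinding] = []
    for event, entries in settings.get("hooks", {}).items():
        for entry in entries:
            matcher = (entry.get("matcher") or "").strip()
            for hook in entry.get("hooks", []):
                command = hook.get("command", "")
                if event in PER_TURN_EVENTS and matcher in ("", "*"):
                    findings.append(HookFinding(
                        event, command, "no matcher: the command runs on every prompt"))
                if scope == "user":
                    findings.append(HookFinding(
                        event, command, "user-level settings: the hook applies to every project"))
                elif command.startswith(("/", "~")):
                    findings.append(HookFinding(
                        event, command, "project-level hook runs a script outside the project tree"))
    return findings


def audit_settings_file(path: Path) -> list[HookFinding]:
    """Audit a settings file on disk; scope comes from its location, not its contents."""
    user_file = (Path.home() / ".claude" / "settings.json").resolve()
    scope = "user" if path.expanduser().resolve() == user_file else "project"
    return audit_hooks(json.loads(path.expanduser().read_text()), scope)


# Constructed sample: the user-level activation the skill's guide recommends.
USER_LEVEL = {"hooks": {"UserPromptSubmit": [{"matcher": "", "hooks": [
    {"type": "command", "command": "~/.claude/hooks/self-improve.sh"}]}]}}

# Constructed sample: project-local activation plus a tool-scoped hook that
# still reaches outside the repository for its script.
PROJECT_LEVEL = {"hooks": {
    "UserPromptSubmit": [{"matcher": "", "hooks": [
        {"type": "command", "command": ".claude/hooks/self-improve.sh"}]}],
    "PostToolUse": [{"matcher": "Bash", "hooks": [
        {"type": "command", "command": "/usr/local/bin/log-shell.sh"}]}],
}}

if __name__ == "__main__":
    for label, cfg, scope in (("user", USER_LEVEL, "user"),
                              ("project", PROJECT_LEVEL, "project")):
        for f in audit_hooks(cfg, scope):
            print(f"{label}: {f.event} -> {f.command}: {f.reason}")
```

Run as a script it prints two findings for each constructed sample: the user-level file is flagged both for the per-prompt trigger and for applying to every project, while the project-level file is flagged for the per-prompt trigger and for the PostToolUse hook that executes a script outside the repository. `audit_settings_file` derives the scope from the file's location so a project file cannot pass itself off as narrowly scoped.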

Ssd 3

Medium (95% confidence)

Finding
The skill encourages persistent storage of corrections, requests, and session-derived learnings into long-term files and promotion targets, which can capture sensitive user content, proprietary context, or secrets if logged verbatim. Because these files may be shared across sessions or committed to repositories, the retention surface is broader than the original conversation.

Ssd 3

Medium (97% confidence)

Finding
The inter-session communication guidance explicitly permits reading other sessions' transcripts and forwarding learnings between sessions, which can disclose sensitive conversation data outside its original context. In a multi-agent environment, this meaningfully increases the chance of unauthorized propagation of private or proprietary information.

Ssd 3

Medium (96% confidence)

Finding
The prescribed logging format asks for raw error output, inputs, parameters, environment details, and user context, all of which commonly contain secrets, internal URLs, personal data, or proprietary operational details. Persisting that information in markdown logs creates a durable leakage channel and enlarges the blast radius of any future repository or workspace exposure.
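As an added example of the redaction step the overview recommends before anything is persisted (this is not code from the skill or from SkillSpector): a filter that runs over a constructed log entry in the free-form shape this finding describes (error output, command inputs, an environment dump, user context), masks the credential patterns it recognises, and then refuses to persist the entry if a long high-entropy run survives. The entry and the credentials in it are constructed dummy values.

```python
"""Redact secrets from a self-improvement log entry before it is persisted.

Added example for this report; it is not code from the scanned skill or from
SkillSpector. It assumes the skill writes free-form markdown entries that can
contain raw error output, command inputs and environment dumps, as the
finding above describes. The sample entry below is constructed and every
credential in it is a dummy value.
"""
import re

# Order matters: URL credentials are masked before the e-mail rule so the
# user:password@host form is not left half-masked.
REDACTION_RULES = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[AWS_KEY]"),
    ("bearer_token",
     re.compile(r"(?i)(authorization:\s*bearer)\s+[A-Za-z0-9._~+/=-]+"),
     r"\1 [REDACTED]"),
    ("env_secret",
     re.compile(r"(?m)^([A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD|PASSWD))=.*$"),
     r"\1=[REDACTED]"),
    ("url_credentials",
     re.compile(r"(?i)\b([a-z][a-z0-9+.-]*://)[^/\s:@]+:[^/\s@]+@"),
     r"\1[REDACTED]@"),
    ("email",
     re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
     "[EMAIL]"),
]

# Backstop for secrets no rule knows about: long base64/hex-looking runs.
HIGH_ENTROPY_RUN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Apply every rule in order; return the redacted text and per-rule hit counts."""
    counts: dict[str, int] = {}
    for name, pattern, replacement in REDACTION_RULES:
        text, n = pattern.subn(replacement, text)
        counts[name] = n
    return text, counts


def residual_high_entropy(text: str) -> list[str]:
    """Tokens that still look like credentials after the rules have run."""
    return HIGH_ENTROPY_RUN.findall(text)


def safe_entry(text: str) -> str:
    """Redact, then refuse to hand back an entry that still looks like it holds a secret."""
    cleaned, _ = redact(text)
    leftovers = residual_high_entropy(cleaned)
    if leftovers:
        raise ValueError(f"refusing to persist: {len(leftovers)} suspicious token(s) remain")
    return cleaned


# Constructed sample entry in the shape the logging format asks for.
LOG_ENTRY = (
    "## Correction: deploy script failed\n"
    "Error output: botocore.exceptions.ClientError: AccessDenied for AKIAIOSFODNN7EXAMPLE\n"
    "Inputs: curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc' https://api.internal.corp/v1\n"
    "Environment:\n"
    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    "DATABASE_URL=postgres://app:hunter2@db.internal:5432/prod\n"
    "User context: reported by alice@example.com\n"
)

if __name__ == "__main__":
    print(safe_entry(LOG_ENTRY))
```

Pattern rules only catch what they know about, which is why the high-entropy check runs after them and blocks the write instead of silently passing a raw token through; the internal hostname in the sample survives because no rule targets it, so a deployment that considers hostnames sensitive needs a rule of its own, and the safest policy for environment dumps is to log variable names without values at all.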

Session Persistence

Medium (88% confidence)
Category: Rogue Agent

Content (evidence excerpt from the skill's installation guidance; truncated in the scan output):

### Option 1: Project-Level Configuration

Create `.claude/settings.json` in your project root:

```json
{
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
```

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal