Security audit

self-track

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent self-tracking aid, but it gives broad activation, persistent memory-writing, and commit/push skill-creation instructions without clear user approval or scope limits.

Install only if you want an agent to maintain long-term self-improvement memory. Require explicit confirmation before any memory write, vector-memory update, new skill creation, commit, or push, and inspect the referenced local scripts before allowing them to run.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description includes very broad trigger terms like 'learning,' 'growing,' 'improving,' and 'progress,' which are common in ordinary conversation and can cause the skill to activate in many unrelated contexts. Over-broad activation increases the chance the agent will unexpectedly enter a workflow that reads or writes memory files, runs local scripts, or initiates self-tracking behavior when the user did not explicitly request it.

Self-Modification

High

Category: Rogue Agent
Content: When I need a new capability: 1. `python3 /usr/local/lib/node_modules/openclaw/skills/skill-creator/scripts/init_skill.py <name> --path skills/ --resources references` 2. Write SKILL.md + resources 3. Test thoroughly 4. Validate: `python3 .../quick_validate.py skills/<name>` 5. Commit and push
Confidence: 97% confidence
Finding: Write SKILL

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.