Self Improving Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it needs review because it can persist user and project context into long-term agent memory with broad automatic triggers.

Install only if you want the agent to keep durable learning and memory files. Prefer project-scoped hooks with narrow matchers, avoid global every-prompt activation, and review or redact entries before they are promoted into MEMORY.md, AGENTS.md, SOUL.md, or TOOLS.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (15)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The document's security note is internally inconsistent: the hook configuration explicitly invokes shell scripts via a command hook, yet the note claims the scripts only output text and do not run commands. This can mislead users into underestimating the execution risk of enabling hooks, especially since hook scripts run with the agent's permissions and can be modified or replaced.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation criteria are broad enough that the skill may trigger during many normal interactions, including routine failures, corrections, or tool issues. In a skill that writes to persistent learning files and memory, over-broad invocation increases the chance of storing sensitive, low-quality, or adversarially induced content without deliberate user consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises automatic error logging, learning capture, memory integration, and rule formation, but does not warn about privacy, retention, or the risk of persisting sensitive data from prompts, tool output, or user corrections. This creates a real security and privacy issue because an agent may silently store confidential information or poisoned instructions into durable memory.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to persist conversation-derived errors, corrections, and learnings into local files immediately, but it does not require informing the user or obtaining consent before storing that data. This creates a privacy and data-retention risk because sensitive user statements, mistakes, or contextual details may be written to durable storage without the user's awareness.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The logging guidance captures user requests, feedback, and missing-capability signals in persistent files without warning that these entries may contain personal, proprietary, or sensitive operational information. Over time this can build an undocumented dossier of user interactions that may later be exposed to other tools, agents, or operators.

Vague Triggers

Medium
Confidence
87% confidence
Finding
An empty matcher causes the hook to trigger on every prompt, greatly expanding when the command runs. In a self-improvement skill, that broad scope increases exposure to unnecessary command execution, prompt-context injection, and accidental persistence of behavior across routine interactions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Using an empty matcher in a user-level configuration makes the command run for all prompts across sessions, which broadens impact beyond a single project. That persistent global activation increases the chance of unintended execution and makes any future script change affect all work indiscriminately.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Although labeled minimal, this setup still uses an empty matcher, so it remains broadly triggered on every prompt. Reducing the number of hooks lowers overhead but does not reduce the core risk of indiscriminate command execution on normal interaction flow.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The Codex CLI example also uses an empty matcher, causing the command to run on every prompt submission. Because this is documentation intended for reuse, it can propagate an overly broad and unsafe default across environments.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger descriptions are broad enough to encourage frequent, automatic logging of errors, surprises, and knowledge gaps without clear scoping or minimization rules. In a self-improvement skill that writes to persistent files, this can lead to over-collection of sensitive user, workspace, or operational context and create privacy and data retention risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs the agent to log learnings to persistent `.learnings/` storage but does not warn against storing sensitive prompts, personal data, credentials, or session-specific content. Because this skill is explicitly designed to capture failures and corrections, the omission makes accidental long-term retention of sensitive information more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file documents transcript access and cross-session messaging capabilities without any privacy boundary, consent requirement, or minimization guidance. In a memory-oriented skill, this materially increases the risk that information from one session will be copied into another session or into persistent memory, enabling unintended disclosure across contexts.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill explicitly tells the agent to consolidate lessons into long-term memory files and to promote information into durable documents such as MEMORY.md, AGENTS.md, SOUL.md, and TOOLS.md. Because these records can include user-provided corrections, preferences, and context, the design increases the chance of retaining personal or sensitive information far beyond the original conversation.

Ssd 3

Medium
Confidence
97% confidence
Finding
The recommended MEMORY.md structure explicitly includes storing information 'about the boss' such as user preferences, habits, and important information in a persistent file. This is a concrete privacy risk because it normalizes profiling and durable storage of personal data without any stated consent, minimization, or access-control safeguards.

Session Persistence

Medium
Category
Rogue Agent
Content
### Option 1: Project-Level Configuration

Create `.claude/settings.json` in your project root:

```json
{
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
```
Confidence
79% confidence

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal