Proactive Self Improving

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps an agent learn from work, but it can automatically save task details and change future agent behavior without clear approval or privacy controls.

Install only in workspaces where persistent local learning notes are acceptable. Review .learnings/, AGENTS.md, TOOLS.md, SOUL.md, and generated skills regularly, and require manual approval before promotions or new skill creation. Avoid using it around secrets, credentials, proprietary work, or sensitive personal data unless you add redaction, retention, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (94% confidence)
Finding
The skill makes "task completion" a default trigger for writing to persistent memory, which is broad enough to activate on nearly every interaction. In practice this can cause excessive, low-friction persistence of user-derived content and create a standing memory-collection behavior that users did not explicitly request.

Vague Triggers

Medium (90% confidence)
Finding
The capability-request keywords are common conversational phrases, so ordinary user dialogue may be misclassified as a trigger to persist feature requests. This increases accidental collection and storage of user intent, preferences, or unmet needs without clear user awareness.

Ssd 3

Medium (97% confidence)
Finding
The skill explicitly instructs the agent to persist user corrections, task reviews, and operational details into local files and changelogs. Because these summaries are free-form natural language, they can easily capture sensitive user data, proprietary context, credentials, or personal information and retain it beyond the original task.

Ssd 3

Medium (98% confidence)
Finding
The error template directs the agent to record input parameters, commands, and environment context, which often contain secrets, tokens, file paths, internal hostnames, or user-supplied sensitive inputs. Persisting this data to markdown logs creates a durable disclosure surface that can later be read, indexed, or promoted elsewhere.

Ssd 4

Medium (96% confidence)
Finding
The skill normalizes a pipeline that captures interaction-derived information, links recurring patterns, promotes them into permanent files, and can extract them into new skills. This creates a memory-amplification mechanism where initially minor or contextual user data can become durable agent behavior or reusable artifacts without robust trust, privacy, or review boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.
