ClawHub

Auto Improve

Security checks across malware telemetry and agentic risk

Overview

This skill is not overtly malicious, but it asks the agent to automatically store and reuse project learnings across sessions without clear consent, limits, or review controls.

Install only if you want automatic cross-session memory behavior. Review `.antigravity.md` changes, avoid using it in sensitive repositories unless you can prevent secrets from being saved, and prefer requiring confirmation before the agent writes learnings or reuses stored context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill enables automatic activation at broad lifecycle points such as every session start, after every task, and on errors, without explicit scoping, consent, or applicability checks. In an agent context, this can cause unintended invocation of memory access and project-file modification logic, increasing the chance of surprising side effects and unsafe persistence.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger map defines automatic handlers for session_start, post_code_edit, and session_end, but does not specify eligibility criteria, safety boundaries, or approval requirements. This makes the skill more dangerous because it can run persistence and learning behaviors across many contexts, even when the user did not request memory recall or project updates.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly describes cross-session learning and updating `.antigravity` project files, but does not provide clear user warning, consent, retention limits, or data minimization controls. Persistent storage of mistakes, patterns, and project context can expose sensitive information, create hidden state, and modify repositories in ways the user may not expect.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal