self-evalutaed-agent

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it can automatically turn workspace errors into persistent future agent work without clear approval boundaries.

Install only if you want a persistent self-improvement loop in your OpenClaw workspace. Keep cron disabled until you have reviewed the generated backlog and research files, restrict write access to the workspace, avoid storing secrets in logs this skill reads, and require human review before any agent executes generated tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 78%
Finding: The README states the system will 'automatically run when new errors are detected' but does not define boundaries, approval requirements, or what actions may be taken after triggering. In a self-improving agent context, ambiguous auto-triggering can cause the agent to invoke itself on untrusted or noisy inputs and potentially initiate research or code-modifying workflows without operator awareness.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The README promotes a 'self-improving agent' that 'implements improvements' but does not warn that the system may perform impactful actions such as modifying scripts, changing behavior, or persisting new procedures. In an autonomous agent environment, missing safety warnings and constraints can lead users to deploy it with excessive trust, increasing the risk of unintended code execution, unsafe changes, or persistence of harmful behaviors.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding: The skill advertises automatic execution when 'new errors are detected' but does not define what counts as an error, what sources are monitored, or what safeguards prevent noisy or attacker-induced triggers. In a self-modifying or task-creating workflow, ambiguous trigger conditions can cause unintended execution, excessive task generation, or adversary-controlled stimulation of the automation pipeline.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The documented workflow includes monitoring, backlog creation, execution by another agent, metric recording, and persistent memory writes, yet it does not warn about operational side effects or data integrity risks. Because the system is described as able to observe failures and drive changes automatically, users may enable it without understanding that it can modify system state, persist potentially unsafe procedures, and amplify bad decisions across sessions.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The script automatically launches a self-improvement subprocess whenever new errors are detected, with no user confirmation, approval gate, or policy check. In an agent setting, autonomous execution triggered by log content can cause unintended code changes or repeated self-modifying behavior, especially if an attacker can influence the error log or the called workflow.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (excerpt from the skill's README):

## Features

- **Auto-Trigger**: Automatically runs when new errors are detected
- **Topic Selection**: Analyzes error patterns and selects high-priority topics
- **Impact Measurement**: Records before/after metrics to measure improvement effectiveness
- **Procedural Memory**: Remembers working commands/scripts between sessions

Confidence: 84%
Finding: Automatically run

VirusTotal

55/55 vendors flagged this skill as clean.
