Muguozi1 Openclaw Self Improving

Security checks across malware telemetry and agentic risk

Overview

This is a local long-term memory skill, not malware, but it should be reviewed carefully because it stores user-derived memory and changes future agent behavior.

Install only if you want a local long-term memory system that can affect future agent responses. Review any proposed edits to AGENTS.md, SOUL.md, and HEARTBEAT.md, avoid storing secrets or sensitive personal data, inspect ~/self-improving/ periodically, and review the separate Proactivity skill before agreeing to install it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
These functions present themselves as unit tests but contain no assertions or validation logic; they always print success and return True. This can mask real defects by giving developers and CI systems false confidence that the skill works correctly, which is more concerning in a self-improving/proactive agent where reliability and safety checks are especially important.

Vague Triggers

Medium
Confidence: 88%
Finding
The kill switch is triggered by the broad natural-language phrase "forget everything" without any confirmation, scoping, or authentication step. In a proactive/self-improving agent, this can be invoked accidentally during normal conversation or induced by prompt injection, causing unintended deletion of memory and behavior changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The template directs the agent to create and populate persistent files under `~/self-improving/` on first use, but provides no requirement for explicit user consent, no disclosure that local filesystem state will be modified, and no scoping or sandboxing guidance. In a self-improving/proactive agent context, this is more dangerous because the skill encourages autonomous persistence and repeated activation, which can normalize silent writes, create privacy risks, and leave unexpected artifacts in the user's environment.

Missing User Warnings

Medium
Confidence: 93%
Finding
The file states that the agent will load and reuse memory on every session and persist user preferences, patterns, and project defaults, but it does not disclose consent, scope limits, retention controls, or safeguards for sensitive data. This creates a privacy and cross-session data persistence risk because users may unknowingly have potentially sensitive information stored and later surfaced in unrelated contexts.

Missing User Warnings

Low
Confidence: 90%
Finding
The skill instructs the agent to read from and use files in the user's home directory (`~/self-improving/...`) without any explicit user notice, consent, or scope limitation. In an agent skill context, this creates implicit filesystem access and persistence behavior, which can expose sensitive local data and enable hidden stateful behavior across runs.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill specifies automatic loading, writing, and maintenance of persistent memory files, but it does not require explicit user notice or consent at the time data is accessed, updated, or retained. In a self-improving agent, this is dangerous because user corrections, preferences, and project details can be silently persisted across sessions, creating privacy, transparency, and unauthorized-retention risks.

Missing User Warnings

Medium
Confidence: 94%
Finding
The file explicitly recommends adapting memory and confirmation behavior based on inferred user type, including giving 'power users' less confirmation and 'casual' users more. Without clear disclosure, consent, or bounded criteria, this creates opaque differential treatment that can cause the agent to collect, retain, or act on user data differently than users expect, increasing privacy and autonomy risks. In a self-improving memory skill, this is more dangerous because the behavior can persist across sessions and silently shape future interactions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The setup directs creation of persistent files and directories under `~/self-improving/` without first requiring explicit user consent or clearly warning that the skill will modify the local filesystem. Because this skill is designed to persist memory and later influence agent behavior, these writes are not merely transient setup artifacts; they create durable state that can affect future tasks and may surprise users or violate least-surprise expectations.

VirusTotal

66/66 vendors flagged this skill as clean.
