Auto Improving Agent

Security checks across malware telemetry and agentic risk

Overview

This skill transparently maintains local learning notes for an agent, with no evidence of credential access, network exfiltration, or unrelated system control.

Install only if you want your agent to maintain persistent local learning notes automatically. Review `.learnings` periodically, avoid storing secrets or personal data in learned entries, and prefer `--dry-run` or backups before running retention cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to read and write multiple repository files, but the metadata does not declare those capabilities or permissions. Hidden file-modification capability weakens user awareness and policy enforcement, making unintended persistence or tampering more likely in an agent context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
A description-behavior mismatch is security-relevant because users and orchestrators may trust the declared purpose while the skill performs additional persistence-related actions or fails to implement the safeguards it claims. In this context, undocumented session injection and overstated automation can bypass informed consent and reduce the operator's ability to predict what the skill will modify or surface in future sessions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises automatic logging, archival, and deletion of learned entries without a clear warning that it may modify or remove user files. Autonomous persistence and retention actions can create privacy, integrity, and auditability risks, especially when the agent infers what should be stored or deleted from normal interaction flow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill says automated triggers fire without user prompting, meaning it can infer patterns from session activity and write them to persistent storage autonomously. In an agent environment, that increases the chance of unauthorized persistence of sensitive data, mistaken summaries, or durable prompt contamination across sessions without the user's knowledge.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script rewrites `.learnings/LEARNINGS.md`, appends to `.learnings/ARCHIVE.md`, and silently drops entries classified as `delete` when not run with `--dry-run`. Although this appears to be maintenance logic rather than malicious behavior, the operation is destructive and lacks an explicit confirmation step, backup, or prominent warning, so a user or automation could unintentionally lose data.

VirusTotal

66/66 vendors flagged this skill as clean.