brainmd

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates a persistent self-modifying behavior system for agents, but its automatic learning loop can reshape future decisions without strong boundaries or rollback guidance.

Install only if you intentionally want an experimental adaptive behavior layer. Keep it out of sensitive or production workflows unless you can inspect the brain directory, review mutation logs, disable heartbeat automation, and reset or roll back learned state when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill explicitly instructs the user to run shell and Node commands that inspect and modify files under the workspace, yet it declares no permissions or safety boundaries. This mismatch can cause operators or agent frameworks to underestimate the skill's execution and filesystem reach, increasing the chance of unintended command execution or persistent state changes.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: These instructions direct repeated use of `record` and `review` commands that mutate persistent files (`pathways.json`, `mutations/`, and related brain state) but do not warn that they permanently alter future agent behavior. In a self-modifying agent context, silent persistence is especially risky because routine use can entrench bad patterns, corrupt behavioral state, or normalize unsafe actions over time.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding: The initialization sequence creates a new `brain/` directory tree and installs self-review components in the workspace without a prominent warning that this performs persistent filesystem changes. While initialization is expected to write files, the omission matters here because the created components are designed for ongoing self-modification and future automated execution.

Self-Modification

Severity: High
Category: Rogue Agent
Content (excerpt from the skill's own definition file):
---
name: brainmd
description: "Neuroplastic self-modifying runtime for AI agents. Creates a file-based 'brain' that learns from interactions: reflexes (fast-path responses), habits (learned patterns), weighted pathways (reinforcement), and a cortex (self-review loop). Use when: setting up adaptive agent behavior, creating learning loops, building persistent behavioral memory, or making an agent that improves over time."
---

# brainmd
Confidence: 97%
Finding: self-modify

VirusTotal

64/64 vendors flagged this skill as clean.
