Claw Self-Improvement

Security checks across malware telemetry and agentic risk

Overview

This self-improvement skill is purpose-aligned, but it can turn ordinary corrections, errors, and requests into persistent local memory without enough privacy controls.

Install only if you deliberately want a persistent local learning system. Before enabling hooks, decide where .learnings files live, keep them out of shared repos unless reviewed, and instruct the agent not to save credentials, tokens, personal data, customer data, or confidential workspace details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill encourages storing user corrections, failures, and session-derived details in persistent markdown files, but does not prominently warn that sensitive or personal data may be retained across sessions. This can lead to inadvertent long-term storage of secrets, private user content, or regulated data that later gets surfaced back into model context.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The hook injects bootstrap guidance that tells the agent to persist user corrections, failed operations, and feature requests into `.learnings/*.md` files. That creates a durable retention channel for potentially sensitive user content and operational details without any consent check, data classification, minimization, or exclusion of secrets/PII, so normal conversation content can be transformed into long-lived workspace data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal