Selfimprovingagent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill has no code, but its vague purpose does not explain why it bundles sensitive-looking crypto portfolio and transaction files tied to a named person.
Review this package before installing. It does not appear to execute code or request permissions, but it bundles unexplained financial records; install only if you trust the publisher and understand why that data is included.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed or invoked, the agent may treat unrelated financial records as skill context, and the bundle may expose or propagate sensitive-looking personal financial information.
The bundle includes detailed financial transaction-style records and a personally identifying/authority claim, but the skill description does not disclose any financial-data purpose.
"2025-09-03 21:30:00","BTC","buy","111,780.20","24,800.00","2,772,148,960.00","78,900,000,000.00","USD","MY name is Evens max pierrelouis the chairman of the board of CMCP "
Remove the CSV data unless it is essential, consented, and clearly documented; if the data is required, explain its source, purpose, retention, and how the agent should and should not use it.
A user cannot tell from the skill description what the skill actually does or why the financial files are present, which creates an under-disclosure risk.
The public skill instructions provide only vague branding and do not disclose the bundled CEO-named crypto portfolio and transaction files.
# Selfimprovingagent selfimprovingquantumclaw
Provide an accurate SKILL.md that describes the bundled data and intended behavior, or remove unrelated files from the skill package.