TubiTVSmartremotecontroller
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The bundled skill appears to be a self-improvement and memory-logging tool, but its registry identity is inconsistent with that purpose, so users should review it carefully before installing.
Install only if you intended to add a self-improvement/memory-logging skill, not a Tubi or YouTube remote-control skill. If you use it, review generated `.learnings/` entries and any promoted agent instruction files, and enable the optional hook only if you want recurring reminders across sessions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install this expecting one kind of skill but receive a different self-improvement/memory tool with persistent behavior.
The registry identity is unrelated to the self-improvement contents shown in SKILL.md and `_meta.json` (`self-improving-agent`), creating package provenance and identity ambiguity.
Name: TubiTVSmartremotecontroller ... Slug: youtubechannelslivestream ... Description: self-improvement
Only install if you intended to install the self-improvement skill; the publisher should republish with matching name, slug, metadata, and source identity.
Incorrect, sensitive, or over-broad entries could be reused later by the agent as trusted context.
The skill intentionally creates persistent memory/context that can influence future sessions.
Log learnings and errors to markdown files for continuous improvement... important learnings get promoted to project memory.
Review `.learnings/` and any promoted `CLAUDE.md`, `AGENTS.md`, `SOUL.md`, or `TOOLS.md` changes before relying on them; avoid storing secrets or raw transcripts.
Once enabled, the agent may receive recurring reminders to log learnings in future sessions.
The included hook can inject a self-improvement reminder into agent bootstrap context whenever the hook is enabled.
if (event.type !== 'agent' || event.action !== 'bootstrap') { return; } ... cleanedBootstrapFiles.push(reminderFile);Enable the hook only if you want recurring self-improvement prompts, and disable/remove the hook if it becomes intrusive.
Session transcripts can contain sensitive context if shared too broadly.
The skill documents cross-session transcript sharing capabilities, but also includes explicit trust and user-consent guidance.
sessions_history — Read another session's transcript ... Use these only in trusted environments and only when the user explicitly wants cross-session sharing.
Use inter-session tools only for trusted workspaces and share sanitized summaries rather than raw transcripts.