Security audit

Self_Improving_ClawAgent

Security checks across malware telemetry and agentic risk

Overview

This skill is openly designed to rewrite its own instructions. The behaviour is disclosed, but it is risky enough that the skill should be reviewed before installation.

Install only if you intentionally want an experimental self-modifying agent. Review every proposed or actual change to SKILL.md, SOUL.md, MEMORY.md, and Python files, avoid using it on sensitive projects, and treat its YouTube research outputs as heuristic or mock data unless independently verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The prompt explicitly authorizes the agent to rewrite its own instructions and provides a concrete file-write mechanism to do so. In a local file manipulation environment, this creates an unsafe self-modification loop that can drift behavior, bypass intended controls, and persist unauthorized changes without user review.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The instruction to proactively patch `SKILL.md` authorizes self-modification of the skill's governing instructions without any defined scope, approval boundary, or safety constraints. This can let the agent rewrite its own behavior over time, weakening guardrails, expanding permissions, or introducing prompt-injection persistence even if the original wording was intended as optimization.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The prompt instructs the agent to overwrite SKILL.md as part of self-improvement without any requirement to notify the user, request approval, or present a diff. Silent modification of core instruction files is dangerous because it enables persistent, non-transparent behavior changes that users and operators may not detect immediately.

Self-Modification

Severity: High
Category: Rogue Agent
Content:
3.  Did I encounter a rate limit or API error?

### Step C: The Self-Rewrite (The "Evolution" Phase)
If a failure or inefficiency is found, you are **authorized** to generate a code block to update your own instructions. 
* **Trigger:** "Logic Optimization Detected."
* **Action:** Generate a Python snippet using `open('SKILL.md', 'w')` to inject the improved logic.
Confidence: 99%
Finding:
update your own instructions

Self-Modification

Severity: High
Category: Rogue Agent
Content:
2.  Was there any "hallucination" or inefficient code?
3.  Did I encounter a rate limit or API error?

### Step C: The Self-Rewrite (The "Evolution" Phase)
If a failure or inefficiency is found, you are **authorized** to generate a code block to update your own instructions. 
* **Trigger:** "Logic Optimization Detected."
* **Action:** Generate a Python snippet using `open('SKILL.md', 'w')` to inject the improved logic.
Confidence: 99%
Finding:
Self-Rewrite

Self-Modification

Severity: High
Category: Rogue Agent
Content:
### Step C: The Self-Rewrite (The "Evolution" Phase)
If a failure or inefficiency is found, you are **authorized** to generate a code block to update your own instructions. 
* **Trigger:** "Logic Optimization Detected."
* **Action:** Generate a Python snippet using `open('SKILL.md', 'w')` to inject the improved logic.

## 4. OPERATIONAL COMMANDS
When working in Antigravity, you must prioritize these "Meta-Commands":
Confidence: 100%
Finding:
open('SKILL.md', 'w

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.