Self Improving Agent.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it creates persistent agent memory and can broadly influence future agent behavior without strong user-review controls.

Install only if you want a persistent agent-memory workflow. Prefer project-scoped hooks over global hooks, use narrow matchers, review scripts before enabling them, and require manual approval before anything is written to .learnings or promoted into future agent instruction files. Do not let it store secrets, credentials, private customer data, or sensitive internal details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The invocation description is broad enough that the skill may activate during many routine interactions, causing unsolicited logging and file modification. In this context, over-triggering matters because the skill writes persistent records and may capture user content without a clear, narrow activation boundary.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Trigger phrases like 'Actually…' or 'Can you also…' are common in normal conversation and can cause the agent to persist information from ordinary dialogue into long-lived logs. Because this skill is designed to retain corrections, requests, and context, conversational overlap increases the chance of collecting sensitive or unnecessary data without user awareness.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to write to local workspace files and promote content into broader project files without warning or explicit consent. Silent modification of persistent files is risky because it can surprise users, alter repository state, and retain information they did not intend to store.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill persistently stores corrections, feature requests, knowledge gaps, and related context without any filtering for secrets, personal data, or confidential project information. Over time, this creates a durable memory sink that can accumulate sensitive user inputs and make them available for later reuse or exposure.

Ssd 3

Medium
Confidence
97% confidence
Finding
The detection triggers explicitly direct the agent to log user-provided information and contextual details whenever common interaction patterns occur. In a persistence-oriented skill, this substantially raises the risk of retaining sensitive conversational content, including corrections that may contain secrets, architecture details, or internal workflow information.

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup

```bash
mkdir -p ~/.openclaw/workspace/.learnings
```

Create three log files: `LEARNINGS.md` · `ERRORS.md` · `FEATURE_REQUESTS.md`
Confidence
88% confidence
Finding
mkdir -p ~/.openclaw

Session Persistence

Medium
Category
Rogue Agent
Content
### Option 1: Project-Level Configuration

Create `.claude/settings.json` in your project root:

```json
{
```
Confidence
78% confidence
Finding
Create `.claude/settings.json` in your project root:

```json
{ "hooks": { "UserPromptSubmit": [ { "matcher": "", "hooks": [ { "type": "command",
```

VirusTotal

66/66 vendors flagged this skill as clean.
