Self-Improving 中文适配

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory skill for agent self-improvement, with privacy and persistence tradeoffs but no evidence of deception, exfiltration, or unrelated harmful behavior.

Install only if you want the agent to keep local cross-session memory about corrections, preferences, and work patterns. Before setup, review the exact files it will create or edit, avoid storing secrets or sensitive personal data, inspect ~/self-improving periodically, and require confirmation before memory exports, wipes, or heartbeat maintenance changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Description-Behavior Mismatch (Medium, 92% confidence)

The weekly maintenance workflow introduces autonomous scanning, moving, archiving, and compaction of persisted memory files beyond narrowly scoped self-correction behavior. This increases the agent’s authority over stored user data and creates integrity and privacy risks because data can be transformed or relocated without an explicit per-action user request or clear consent model.

Description-Behavior Mismatch (Medium, 90% confidence)

The command set exposes broad memory browsing, export, deletion, and full wipe capabilities that materially exceed the stated purpose of self-improvement from corrections and failed tasks. Expanding a skill’s operational scope this way increases the chance of misuse, accidental disclosure, or destructive actions against persisted user data.

Missing User Warnings (Medium, 94% confidence)

The skill explicitly directs the agent to persist user corrections, preferences, and self-reflections into local files, but it does not require a clear user-facing consent flow or prominent notice at the time of collection. This creates a real privacy risk because users may reveal sensitive preferences or personal information during normal interaction, and the agent is instructed to store it automatically for future reuse.

Missing User Warnings (Medium, 97% confidence)

The kill-switch workflow requires exporting all memories to a file before deletion, which creates a new sensitive data artifact at the exact moment the user is requesting erasure. This increases the risk of unintended retention, disclosure, or recovery of personal data, and it conflicts with the stated goal of fully forgetting the user.

Missing User Warnings (Low, 89% confidence)

The template instructs creation of persistent files and directories under the user's home directory and frames them as part of normal first use, but it does not warn about local data retention, sensitivity of stored corrections/preferences, or obtain explicit user consent. In a self-improving agent, this is more dangerous because the stored memory can accumulate behavioral profiles, project details, and user-specific preferences over time, creating privacy and persistence risks beyond the current session.

Missing User Warnings (Medium, 92% confidence)

The skill explicitly states it will load a persistent memory file on every session, which creates a cross-session data retention and privacy risk without any notice, consent model, scoping, or handling safeguards. In a self-improving agent context, this is more dangerous because the file can accumulate user preferences, project details, and prior-session information that may be unnecessarily reused or exposed across tasks.

Missing User Warnings (Medium, 88% confidence)

Automatically loading memory and contextual files at session start accesses potentially sensitive stored data without a clear user-facing notice or fresh consent. This can surprise users, broaden data exposure within a session, and cause the agent to rely on old personal/project data in contexts where the user did not expect it.

Missing User Warnings (Medium, 89% confidence)

The weekly maintenance routine performs background modification of stored data, including moving and archiving files, without any visible warning or consent flow. Silent background changes to user-related memory create integrity, transparency, and recoverability risks, especially if data is needed later or was not meant to be retained long-term.

Missing User Warnings (Medium, 95% confidence)

The setup explicitly instructs the agent to create files in the user's home directory and later modify workspace steering files such as AGENTS.md, SOUL.md, and HEARTBEAT.md as part of installation. Although some later steps mention asking before installing the separate Proactivity skill, the self-improving setup itself does not require explicit user confirmation before making persistent filesystem changes, which can surprise users and alter future agent behavior without clear consent.

VirusTotal

66/66 vendors flagged this skill as clean.