Self Evolving Blueprint

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local-memory blueprint skill; it can affect persistent agent memory files, but the behavior is aligned with its purpose and includes user controls.

Install only if you want OpenClaw to maintain persistent local memory about you and your work. Back up the workspace first, review the templates before copying them over existing files, and treat “整理一下” as an explicit command to read and organize memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill claims it will not automatically modify files, yet its documented workflow instructs creating directories and replacing or copying core workspace files. Even if the text describes manual setup rather than autonomous execution, this is still a misleading safety claim that can cause users to underestimate the risk of persistent local changes to identity, memory, and agent configuration files.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrase "整理一下" is short, common, and likely to appear in ordinary conversation, yet it initiates a multi-step workflow that reads prior logs and memory and can later write updates. That creates a prompt/intent ambiguity risk: a user may casually use the phrase without realizing it invokes persistent-memory operations, leading to unintended data access or state changes.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrase “整理一下” is broad and conversational, yet it launches a multi-step workflow that reads prior logs, checks memory artifacts, and later writes or updates persistent files. Because the phrase can naturally appear in ordinary chat, the skill risks unintended activation of stateful behavior, including access to stored memory and preparation for file modifications, which can violate user intent and privacy expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
