ClawHub

Self Improving 1.1.3

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local-memory skill that can retain user corrections and preferences, so it is privacy-sensitive but purpose-aligned.

Install only if you want the agent to keep long-lived local memory. Do not store secrets, credentials, customer data, medical details, or private third-party information in ~/self-improving/, and periodically review or delete entries you no longer want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The kill-switch phrase "forget everything" is common natural language and can be triggered unintentionally during ordinary conversation, quotations, testing, or prompt-injection-style content. In a self-improving memory skill, accidental activation could erase learned state or export memory at the wrong time, causing denial of service and possible privacy exposure during the export step.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill automatically loads memory files at session start without any explicit notice or consent step, which can expose previously stored personal or sensitive context to the agent before the user realizes persistence is active. In a self-improving memory skill, this behavior increases privacy risk because the feature is specifically designed to retain and reuse prior interactions across sessions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The correction-handling workflow persists new information and updates indexes automatically, but does not require confirmation that the user intends the information to be stored long-term. This can lead to unintended retention of sensitive preferences, project details, or mistakes, and because the skill is designed to 'improve permanently,' the persistence risk is more significant in context.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The weekly maintenance job performs background movement, archival, and compaction of stored data without describing user notification or approval, which creates a transparency and data-governance issue. Automated archival can make data harder to discover or delete and may preserve information longer than the user expects, especially in a memory-management skill handling accumulated history.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This documentation instructs the agent to read, rebuild, and maintain persistent memory and index files, including recovering from corruption, without any explicit safeguards around user consent, scope limits, or change confirmation. That creates a real risk of unauthorized modification, retention, or reconstruction of user data, especially because the skill is specifically designed for self-improvement and permanent learning across sessions.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal