hermes-learning-loop

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it asks the agent to automatically save task lessons and modify long-term memory or skills without clear user approval or privacy limits.

Install only if you intentionally want a persistent self-learning journal for the agent. Require approval before writes to memory or skills, review proposed diffs, and avoid storing secrets, customer data, private prompts, exact file paths, credentials, or sensitive task details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 86%
Finding
The skill says it should trigger after complex tasks, periodic reviews, and extracting lessons from errors, which are broad conditions that could cause the skill to activate in many unrelated contexts. Over-broad invocation can lead to unnecessary persistent logging and memory updates, increasing the chance of capturing sensitive user data or interfering with normal task execution.

Vague Triggers

Medium
Confidence: 91%
Finding
Terms like 'complex task,' 'non-trivial reusable workflow,' and 'must persist when user corrected the process' are ambiguous and leave too much discretion to the agent. In practice, this can cause excessive or inconsistent retention of interaction details, including corrections that may contain sensitive operational or personal information.

Ssd 3

Medium
Confidence: 95%
Finding
The skill directs the agent to keep daily logs of valuable operations and lessons learned in persistent memory files. Because these logs are plain-language summaries of real tasks, they can easily capture confidential prompts, user corrections, internal workflows, credentials, business context, or sensitive file names, creating long-term data retention and secondary disclosure risk.

Ssd 3

Medium
Confidence: 98%
Finding
This section requires immediate persistence of errors and user corrections, which are especially likely to include sensitive details because they often contain the exact content that failed or was corrected. Storing such material in long-term memory expands exposure beyond the original session and can later leak through retrieval, summaries, or unrelated task context.

Ssd 3

Medium
Confidence: 96%
Finding
The periodic review process instructs the agent to read recent memory logs and summarize them into MEMORY.md, which propagates previously retained sensitive information into a broader and more frequently loaded memory surface. This increases both the persistence and the accessibility of confidential content, making accidental reuse or leakage more likely across future sessions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal