Self-Improving Global Safe

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local memory helper that stores and manages user-approved preferences in a named folder, with no executable code or network behavior found.

Install this only if you want OpenClaw to keep persistent local preference memory. Avoid storing secrets or sensitive personal information in corrections, and periodically review ~/.openclaw/self-improving/ if your preferences or project boundaries change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 94% confidence
Finding: The trigger 'Forget everything' is highly destructive and broadly phrased, making accidental or ambiguous invocation plausible in normal conversation. Although the flow says to ask for deletion scope first, the command still maps to mass deletion behavior in a cross-session memory system, so misinterpretation or prompt collision could cause irreversible loss of user data across contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal