Self Improvement

Security checks across malware telemetry and agentic risk

Overview

This skill is explicitly built for persistent self-improvement, but it encourages broad hooks, long-lived agent memory, and cross-session sharing without adequate privacy and approval boundaries.

Install only if you intentionally want agents to keep persistent learning files and possibly update future instruction files. Keep hooks project-local, avoid empty matchers for always-on activation, redact secrets and private details before logging, and require human review before promoting entries into AGENTS.md, SOUL.md, TOOLS.md, CLAUDE.md, Copilot instructions, or new skills.
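The two scope checks above (project-local hooks, no empty matchers) can be linted mechanically. The following is an added example for this page, not code from the Self Improvement skill or from SkillSpector. It assumes a Claude Code-style settings.json layout ({"hooks": {"<Event>": [{"matcher": "...", "hooks": [{"type": "command", "command": "..."}]}]}}), treats an empty or wildcard matcher as "fires on every event of that type" as the findings describe, and treats any settings path under the home directory as user-level; the event names, hook commands and both sample configs are constructed for illustration.

```python
"""Lint agent hook settings for always-on matchers and user-level installs.

Added example for this page, not code from the Self Improvement skill or
from SkillSpector. Assumes a Claude Code-style settings.json layout; the
event names, commands and both sample configs are constructed.
"""
import json

# Constructed sample: user-level config with an empty matcher, the pattern
# the findings describe (fires on every prompt, in every workspace).
WEAK_USER_SETTINGS = json.dumps({
    "hooks": {
        "UserPromptSubmit": [
            {"matcher": "",
             "hooks": [{"type": "command",
                        "command": "~/.claude/hooks/self-improve.sh"}]}
        ]
    }
})

# Constructed sample: project-local config, scoped to two tool events and
# a hook script that lives inside the repository.
HARDENED_PROJECT_SETTINGS = json.dumps({
    "hooks": {
        "PostToolUse": [
            {"matcher": "Bash|Edit",
             "hooks": [{"type": "command",
                        "command": ".claude/hooks/self-improve.sh"}]}
        ]
    }
})

# Matcher values assumed to mean "every event of this type".
ALWAYS_ON = {"", "*", ".*", ".+"}


def is_user_level(settings_path: str) -> bool:
    """Assumption: a settings path under the home directory ('~/...') is a
    user-level config that applies to every session; anything else is
    project-local."""
    return settings_path.startswith("~/")


def audit_hooks(settings_json: str, settings_path: str) -> list[str]:
    """Return one finding string per problem; an empty list means clean."""
    findings = []
    user_level = is_user_level(settings_path)
    hooks = json.loads(settings_json).get("hooks", {})
    for event, entries in hooks.items():
        for idx, entry in enumerate(entries):
            where = f"{settings_path}: {event}[{idx}]"
            matcher = entry.get("matcher", "").strip()
            if matcher in ALWAYS_ON:
                findings.append(f"{where}: always-on matcher {matcher!r} "
                                "fires on every event of this type")
            for hook in entry.get("hooks", []):
                cmd = hook.get("command", "")
                if user_level:
                    findings.append(f"{where}: user-level config runs "
                                    f"{cmd!r} in every workspace and session")
                elif cmd.startswith(("~", "/")):
                    findings.append(f"{where}: hook script {cmd!r} lives "
                                    "outside the project tree")
    return findings


if __name__ == "__main__":
    for label, cfg, path in [
        ("weak", WEAK_USER_SETTINGS, "~/.claude/settings.json"),
        ("hardened", HARDENED_PROJECT_SETTINGS, ".claude/settings.json"),
    ]:
        print(label, audit_hooks(cfg, path) or ["clean"])
```

Run against the weak config the audit reports both the always-on matcher and the user-level scope; the hardened config, which pins the hook to named tool events and keeps the script inside the repository, reports nothing. A hook that passes this lint still needs the redaction and review steps before anything it logs reaches an instruction file.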

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium (93% confidence)
Finding
The empty matcher causes the hook to run on every prompt, which creates an always-on trigger surface for a self-improvement mechanism. In this skill context, that means unbounded collection/injection behavior can occur across all interactions, increasing the risk of prompt-context pollution, unintended persistence, and abuse if the hooked script is later modified or compromised.

Vague Triggers

Medium (95% confidence)
Finding
The user-level configuration enables the hook globally for all sessions with no trigger constraints, extending the broad activation issue beyond a single project. This increases exposure because the behavior persists across unrelated workspaces and tasks, making accidental data capture, context contamination, or misuse more likely.

Vague Triggers

Medium (92% confidence)
Finding
The Codex example repeats the unrestricted empty-matcher pattern, so the activator will fire for every prompt in that environment as well. Because this is presented as setup guidance, it normalizes broad, always-on behavior and increases the chance that operators deploy persistent hooks without understanding the security and privacy consequences.

Missing User Warnings

Medium (93% confidence)
Finding
The document directs the system to promote learnings into persistent workspace files such as SOUL.md, TOOLS.md, and AGENTS.md without any safeguards around sensitive content, minimization, or consent. Because those files are injected into future sessions, mistakes, user-provided secrets, internal prompts, or sensitive operational context could be retained and repeatedly resurfaced across sessions.

Ssd 3

Medium (91% confidence)
Finding
The skill encourages persisting user corrections, requests, and contextual details into durable workspace memory and promoting them into shared instruction files. In an agent environment, this can capture sensitive or private user data and propagate it into future sessions, creating a durable data leakage and prompt-injection persistence channel.

Ssd 3

Medium (95% confidence)
Finding
The inter-session features explicitly describe reading other sessions' transcripts and sending learnings across sessions. Without strict access controls and sanitization, this enables cross-session disclosure of conversation content, potentially exposing secrets, proprietary code, or private user data beyond the original session boundary.

Ssd 3

Medium (97% confidence)
Finding
The logging templates ask for full context, inputs, parameters, error output, environment details, and user context, all of which commonly contain secrets or sensitive operational data. Storing this verbatim in durable markdown files materially increases the chance of credential leakage, privacy violations, and later exfiltration through repository sync or subsequent agent reads.
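The last four findings share one mitigation: scrub the entry before it is written anywhere durable, and write it to a review queue rather than straight into an instruction file. The following is an added example for this page, not code from the Self Improvement skill or from SkillSpector. The entry template fields, the secret patterns and the staging file name are constructed for illustration; the sample values are the AWS documentation placeholder keys and a made-up GitHub-style token.

```python
"""Redact secrets from a learning entry and stage it for human review.

Added example for this page, not code from the Self Improvement skill or
from SkillSpector. The entry format, patterns and sample are constructed.
"""
import re
from pathlib import Path

# Constructed sample of the kind of verbatim log entry the findings warn
# about: full inputs, error output and user context, secrets included.
SAMPLE_ENTRY = """\
## Learning: deploy script failed
Context: running ./deploy.sh in ~/work/acme-api
Inputs: AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Error: curl: (22) 401 from https://api.example.com/deploy?token=ghp_abcdefghijklmnopqrstuvwxyz0123456789
User context: reported by jane.doe@example.com, password was 'hunter2' in prior session
"""

# Order matters: assignment-style secrets first, then bare token shapes
# that may appear without a NAME= prefix, then personal data.
REDACTIONS = [
    # NAME=value where NAME looks like a credential variable
    (re.compile(r"\b([A-Z0-9_]*(?:SECRET|PASSWORD|TOKEN|API_KEY|ACCESS_KEY)"
                r"[A-Z0-9_]*)\s*=\s*\S+", re.I),
     r"\1=[REDACTED]"),
    # AWS access key IDs and GitHub personal access tokens appearing bare
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED_AWS_KEY_ID]"),
    (re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"), "[REDACTED_GITHUB_TOKEN]"),
    # Passwords mentioned in prose: "password was 'x'", "password is x"
    (re.compile(r"\b(password\s+(?:was|is)\s+)'?[^'\s]+'?", re.I),
     r"\1[REDACTED]"),
    # E-mail addresses from the user-context field
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED_EMAIL]"),
]


def redact(text: str) -> tuple[str, int]:
    """Apply every pattern; return the scrubbed text and the number of
    substitutions made (a nonzero count is itself worth logging)."""
    total = 0
    for pattern, replacement in REDACTIONS:
        text, n = pattern.subn(replacement, text)
        total += n
    return text, total


def stage_learning(entry: str, staging_dir: Path) -> tuple[Path, int]:
    """Scrub the entry and append it to a pending file in staging_dir.

    Nothing here writes to AGENTS.md, SOUL.md, TOOLS.md or CLAUDE.md: the
    pending file (name is an assumption) is the queue a human reviews
    before anything is promoted into files that future sessions load."""
    scrubbed, n = redact(entry)
    target = staging_dir / "pending-learnings.md"
    with target.open("a", encoding="utf-8") as fh:
        fh.write(scrubbed.rstrip("\n") + "\n\n")
    return target, n


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        path, n = stage_learning(SAMPLE_ENTRY, Path(tmp))
        print(f"{n} redactions; staged at {path}")
        print(path.read_text(encoding="utf-8"))
```

On the constructed entry this makes five substitutions: both AWS assignments, the token in the URL query string, the quoted password, and the e-mail address. Pattern lists like this are a floor, not a ceiling; the safer default for the "full context, inputs, parameters" fields is to log field names and error classes rather than raw values at all, and to let the reviewer ask for specifics when a learning genuinely needs them.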

VirusTotal

64/64 vendors reported this skill as clean.
