Self Improving 1.2.16

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about persistent self-improvement memory, but it needs review because it can automatically store user corrections and may export memory before wiping it.

Install only if you want the agent to keep long-term local memory of corrections, preferences, and work patterns. Review edits to AGENTS.md, SOUL.md, and HEARTBEAT.md, inspect ~/self-improving/ periodically, avoid storing sensitive information there, and treat “forget everything” carefully because the artifacts may export memory before deleting it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill directs the agent to automatically persist user corrections, preferences, and repeated instructions into local memory files, but it does not require explicit user consent at the point of collection or a prominent warning that sensitive content may be retained. Even though it says not to store credentials and certain categories of data, users may still reveal confidential project details, personal preferences, or other sensitive information in normal conversation, causing unintended long-term retention.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The trigger phrase "forget everything" is broad enough that it could appear in normal conversation, emotional statements, or quoted text, causing an unintended destructive action. In a self-improving memory skill, accidental activation is especially risky because it can wipe state and disrupt expected behavior without a deliberate, authenticated deletion request.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
Exporting current memory to a file before deletion creates a new sensitive artifact that may persist longer, be stored insecurely, or be exposed through logging, syncing, or later access. This is more dangerous in this skill because its purpose is to retain learned user context, so the exported file may aggregate sensitive behavioral and personal data into a single high-value target.

Missing User Warnings

Severity: Low
Confidence: 95%
Finding
The template explicitly instructs creating persistent files and directories under the user's home directory, which modifies local state without any user-facing warning, confirmation step, or explanation of side effects. In a self-improving agent context, this is more sensitive because it establishes long-lived storage that could accumulate user data or corrections over time, increasing privacy and integrity risks if done implicitly.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill describes automatic loading, writing, updating, and long-term retention of memory files based on user interactions and corrections, but it provides no explicit user-facing notice, consent flow, or retention controls at the point of collection. In a self-improving agent, this is particularly risky because users may reveal sensitive preferences, project details, or operational history that become persistently stored without clear awareness, creating privacy and compliance exposure.

Missing User Warnings

Severity: Low
Confidence: 95%
Finding
The setup directs the agent to create and later modify persistent files under the user's home directory and workspace configuration files (`AGENTS.md`, `SOUL.md`, `HEARTBEAT.md`) without first requiring explicit user confirmation for each state-changing action or clearly warning that local configuration will be altered. In an agent-skill context, this is risky because it establishes durable behavioral steering and memory outside the immediate task, which can silently expand the agent's influence across future sessions.

VirusTotal

VirusTotal findings are pending for this skill version.