Claw Self Improving Plus

Security checks across malware telemetry and agentic risk

Overview

This is a local, review-first learning workflow that can update agent memory files only after explicit approval. The scan found no evidence of hidden network activity, credential theft, or destructive behavior.

Install this if you want a local, human-reviewed memory improvement pipeline. Review every generated patch before approving it, use --dry-run before applying changes, and avoid feeding untrusted or hand-crafted patch JSON into the apply step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory Poisoning: Persistent Context Injection, Context Window Stuffing, Memory Manipulation
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill clearly instructs use of file reads, file writes, and shell-executed scripts, but it does not declare those permissions. That mismatch weakens security review and consent boundaries because an agent or platform may not surface the true operational capability before the skill is used.

Persistent Context Injection

Severity: Medium
Category: Memory Poisoning
Content (excerpt from the skill):
1. `reuse_value`: will this help again?
2. `confidence`: how well supported is it?
3. `impact_scope`: how broadly does it matter?
4. `promotion_worthiness`: should it become a lasting rule or memory?
5. `promotion_target_candidates`: where should it go if promoted?

Use this practical rubric:
Confidence: 88%
Finding: a lasting rule

VirusTotal

63/63 vendors flagged this skill as clean.
