Self-Learn

Security checks across malware telemetry and agentic risk

Overview

This skill openly adds a local memory habit for corrections and lessons, but it should only be installed by users who want persistent learning across tasks.

Install only if you want the agent to remember corrections and lessons over time. Periodically review memory/corrections.md and stored memories, and avoid giving correction examples that contain secrets, personal details, or sensitive workflow information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill is configured to activate on very broad, ordinary conversational patterns such as user corrections, preferences, and after any task completion. In context, that means it can silently trigger persistence behavior during normal use, increasing the chance of collecting and storing unintended user data or internal reflections without explicit consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
This instruction tells the agent to append user corrections into a persistent file automatically, but the skill does not require a visible disclosure or consent step before modifying long-term memory. Even if intended for helpful personalization, silent persistence can retain sensitive preferences, behavioral history, or other user-derived data beyond what the user expects.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill directs the agent to self-evaluate after every task and log lessons persistently if deemed useful, creating a broad default pathway for storing information after routine interactions. In context, this is more dangerous because the content of self-evaluations may indirectly include user data, task details, or inferred preferences, and the logging happens without clear disclosure to the user.

VirusTotal

66/66 vendors flagged this skill as clean.
