Self Improving Agent

Security checks across malware telemetry and agentic risk

Overview

This self-improvement skill is purpose-aligned, but it encourages durable logging and cross-session sharing of potentially sensitive conversation and error context without enough redaction or consent guidance.

Review before installing. Use this only for projects where persistent learning memory is acceptable, keep hooks project-scoped where possible, avoid global hook activation, and require sanitized summaries only. Do not log secrets, credentials, tokens, raw prompts, customer or personal data, full stack traces, private URLs, or verbatim transcript content; review anything before promoting it into always-loaded agent files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The document’s security section inaccurately minimizes risk by stating the scripts 'only output text' and 'don’t modify files or run commands,' while the same document configures those scripts to execute as command hooks. This can mislead users into enabling automatically executed scripts with undue trust, increasing the chance they deploy code with broader capabilities than advertised.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs persistent logging of corrections, errors, and context into markdown files without any privacy screening, secret redaction, or sensitivity warning. In real usage, these logs can easily capture API keys, personal data, proprietary code details, or internal operational information and retain them indefinitely.

Missing User Warnings

Medium
Confidence: 87%
Finding
The document instructs users to log learnings, errors, and tool issues into persistent workspace files, but it does not warn against storing secrets, prompts, credentials, internal paths, or sensitive session content. In an agent environment, failures and corrections often contain sensitive operational context, so this creates a realistic risk of unintended retention and later disclosure.

Ssd 3

Medium
Confidence: 96%
Finding
The skill normalizes storing user-provided details and sharing learnings across sessions, but it provides no scoping, minimization, or access-control guidance. That creates a straightforward path for natural-language data exfiltration into durable files and other agent contexts where sensitive content may spread far beyond the original session.

Ssd 3

High
Confidence: 98%
Finding
The logging template explicitly asks for full context, which encourages copying rich conversational and operational details into plain markdown. Plain-language summaries often still contain secrets, internal architecture details, incident specifics, or personal information, making the leak surface both broad and durable.

Ssd 3

High
Confidence: 99%
Finding
Recording the exact inputs or parameters used during failures is dangerous because commands often include secrets, environment values, database URLs, file paths, or customer identifiers. Persisting these details in markdown materially increases the chance of credential leakage and operational exposure.

Ssd 3

High
Confidence: 97%
Finding
Presenting transcript reading and message passing as normal mechanisms for sharing learnings creates a direct avenue to propagate sensitive information from one session to another. Because transcripts can contain user prompts, outputs, code, and operational details, this significantly enlarges the blast radius of any sensitive disclosure.

Ssd 3

Medium
Confidence: 92%
Finding
The guidance to 'promote aggressively' into long-lived instruction files increases persistence and distribution of whatever was logged earlier, including potentially sensitive or low-quality content. This turns one-time session data into durable ambient context that may influence future sessions and leak further.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal