Adaptive Skill Stack

Security checks across malware telemetry and agentic risk

Overview

This skill is openly self-evolving: it automatically stores task-derived capabilities and can change its own support files after every use, without clear per-change approval.

Install only if you deliberately want a skill that evolves over time. Review proposed changes to its registry, protocols, knowledge files, templates, and generated scripts, and avoid using it with secrets or confidential task details unless you accept that information derived from them will persist in those files.
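Because the report warns that support files change after every use without per-change approval, the practical control is to snapshot the skill directory before a task, diff it afterwards, and flag anything credential-shaped in the added lines before accepting the change. The following is an added example written for this page, not code from the scan report or from the skill itself; the directory layout, the file names and the secret patterns are constructed assumptions.

```python
"""Snapshot a skill's directory before a task and diff it afterwards so
every file the skill persisted can be reviewed before it is kept.

Added example, not code from the scan report or from the skill. It assumes
the skill is a directory of text files (SKILL.md, registry, knowledge,
template and generated-script files); the layout and the secret patterns
below are constructed for illustration.
"""
import hashlib
import os
import re
import tempfile
from difflib import unified_diff

# Constructed patterns for credential-like material in persisted text.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                    # AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),   # PEM private key
    re.compile(r"(?i)\b(api[_-]?key|token|password)\b\s*[:=]\s*\S+"),
]


def snapshot(root):
    """Map relative path -> (sha256 hex digest, decoded text) for every file."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            snap[rel] = (hashlib.sha256(data).hexdigest(),
                         data.decode("utf-8", errors="replace"))
    return snap


def audit_changes(before, after):
    """Diff two snapshots. Each record names a file the skill added, deleted
    or modified, lists the added lines, and marks any that look like secrets."""
    report = []
    for rel in sorted(set(before) | set(after)):
        old, new = before.get(rel), after.get(rel)
        if old and new and old[0] == new[0]:
            continue  # content hash unchanged, nothing to review
        diff = list(unified_diff((old[1] if old else "").splitlines(),
                                 (new[1] if new else "").splitlines(),
                                 fromfile="before/" + rel, tofile="after/" + rel,
                                 lineterm=""))
        added = [ln[1:] for ln in diff
                 if ln.startswith("+") and not ln.startswith("+++")]
        report.append({
            "path": rel,
            "status": "added" if old is None else "deleted" if new is None else "modified",
            "added_lines": added,
            "suspect_lines": [ln for ln in added
                              if any(p.search(ln) for p in SECRET_PATTERNS)],
            "diff": diff,
        })
    return report


def demo():
    """Constructed scenario: after one task the skill appends task details to
    a knowledge file and generates a new script. Returns the audit report."""
    root = tempfile.mkdtemp(prefix="skill-audit-")
    os.makedirs(os.path.join(root, "knowledge"))
    os.makedirs(os.path.join(root, "scripts"))
    with open(os.path.join(root, "SKILL.md"), "w") as fh:
        fh.write("name: adaptive-skill-stack\n")
    with open(os.path.join(root, "knowledge", "finance.md"), "w") as fh:
        fh.write("# Finance notes\n- prefer CSV exports\n")
    before = snapshot(root)

    # Simulated post-task persistence (constructed, not a real skill run).
    with open(os.path.join(root, "knowledge", "finance.md"), "a") as fh:
        fh.write("- ledger api_key = sk-live-0123 (captured from task 42)\n")
    with open(os.path.join(root, "scripts", "export.py"), "w") as fh:
        fh.write("print('export ledger')\n")
    after = snapshot(root)
    return audit_changes(before, after)


if __name__ == "__main__":
    for rec in demo():
        print(f"{rec['status']:<9}{rec['path']}  +{len(rec['added_lines'])} line(s)")
        for ln in rec["suspect_lines"]:
            print("  SUSPECT:", ln)
```

Run as a script it prints the modified knowledge file (with its suspect line) and the newly generated script. In a real deployment the "before" snapshot is taken when the skill is installed or last approved, and any change that has not been reviewed is reverted rather than kept; the secret patterns are a starting point, not a complete list.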

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The skill description is framed so broadly—covering cross-domain tasks, adaptive behavior, and continual evolution—that it could be invoked for many ordinary requests beyond a narrowly intended scope. Overbroad triggering increases the chance that file-writing and persistence behaviors activate in contexts where the user did not expect stateful mutation.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The workflow says each task must read prior state, analyze the task, and write new capabilities or methods into persistent files, but it does not require warning the user that task-derived data may be stored. That omission can lead to silent retention of sensitive prompts, proprietary workflows, or personal information in long-lived files.

Vague Triggers

Severity: High
Confidence: 91%
Finding
The capability '自适应需求解析' (adaptive requirement parsing) is configured to activate for all user inputs, which creates an always-on decision layer with no explicit scope boundaries or user consent gate. In the context of a self-evolving skill that can stack capabilities and write to reference files, such universal triggering increases the chance of unintended behavior, overreach into unrelated tasks, and unsafe autonomous adaptation.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The statement that post-task capability recording 'automatically activates after every task' is overly broad and ambiguous, especially for a skill designed to persist changes to its own reference materials. This can cause unauthorized persistence of task-derived content, including accidental retention of sensitive data, prompt-injected instructions, or low-quality capabilities without human review.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The file describes analyzing new capabilities and writing them into the registry using file I/O, but it does not clearly warn users that task interactions may modify persistent files. In a self-modifying or self-extending skill, lack of explicit disclosure and consent around file writes is dangerous because adversarial or accidental inputs could permanently alter future behavior and create a persistence mechanism for harmful instructions.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The core design of the skill is to 'continuously evolve' by writing knowledge from each use into reference files, which establishes default long-term retention of task content. In a general-purpose adaptive skill, that makes sensitive user information, internal business context, or confidential instructions likely to be stored without sufficient constraints.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
The mandatory post-task sequence operationalizes data retention by requiring information from every task to be written into persistent files. Because it applies universally after task completion, it creates a systematic leakage path for sensitive task details and amplifies harm across repeated use.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The knowledge expansion section instructs the agent to append newly obtained domain knowledge from each use into persistent files, which can easily capture user-supplied confidential material under the label of 'knowledge.' This is especially risky because the skill is designed for cross-domain tasks, where inputs may include sensitive legal, medical, financial, or proprietary information.
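The three 'Vague Triggers' and two 'Missing User Warnings' findings above come down to two textual properties of the skill manifest: trigger language that makes the skill always-on, and write instructions that are not paired with any disclosure or consent step. The following lint, an added example and not SkillSpector's own implementation, checks a constructed SKILL.md for both properties and shows that a scoped, consent-gated rewrite passes; the phrase lists and both manifests are assumptions made for illustration.

```python
"""Static lint for the trigger and disclosure patterns described in the
findings above. Added example, not SkillSpector's implementation: the phrase
lists are constructed heuristics and both SKILL.md texts are made up."""
import re

# Phrases that make a trigger effectively always-on.
BROAD_TRIGGER = re.compile(
    r"(?i)\b(all|any|every)\s+(user\s+)?(inputs?|requests?|tasks?|messages?)\b"
    r"|\bautomatically activates\b|\bafter every (task|use)\b")
# Instructions that mutate the skill's own files or other long-lived state.
PERSISTENCE = re.compile(
    r"(?i)\b(write|append|store|record|persist)\b[^.\n]*"
    r"\b(registry|knowledge|template|reference|file|script)s?\b")
# Disclosure or consent language that would make such writes reviewable.
CONSENT = re.compile(
    r"(?i)\b(ask|warn|notify|inform)\b[^.\n]*\buser\b|\b(confirm|consent|approv)\w*\b")


def lint_skill(text):
    """Return (category, line_no, line) for every heuristic hit in a manifest."""
    findings = []
    has_consent = CONSENT.search(text) is not None
    for n, line in enumerate(text.splitlines(), 1):
        if BROAD_TRIGGER.search(line):
            findings.append(("vague_trigger", n, line.strip()))
        if PERSISTENCE.search(line) and not has_consent:
            findings.append(("missing_user_warning", n, line.strip()))
    return findings


# Constructed manifest with the properties the findings describe.
VAGUE = """---
name: adaptive-skill-stack
description: Cross-domain assistant that adapts to any request and continually evolves.
---
## Trigger
Adaptive requirement parsing activates for all user inputs.
## Post-task protocol
After every task, analyze the task and write new capabilities into the registry file.
Append newly obtained domain knowledge to the knowledge files.
"""

# Constructed rewrite: narrow trigger, explicit review step, no task-data retention.
SCOPED = """---
name: adaptive-skill-stack
description: Use only when the user asks to add a reusable capability to this skill.
---
## Trigger
Activates when the user explicitly asks to record a new capability.
## Post-task protocol
Before writing to the registry file, show the proposed diff and ask the user to confirm.
Do not store task inputs, credentials, or client data in the knowledge files.
"""


if __name__ == "__main__":
    for label, manifest in (("vague", VAGUE), ("scoped", SCOPED)):
        hits = lint_skill(manifest)
        print(f"{label}: {len(hits)} finding(s)")
        for category, n, line in hits:
            print(f"  {category} (line {n}): {line}")
```

The regexes are heuristics: a negated instruction ("Do not store ...") still matches the persistence pattern, so treat hits as review prompts rather than verdicts, and extend the phrase lists for the language a given skill is written in (the finding above quotes a Chinese capability name, which these English-only patterns would miss).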

VirusTotal

65/65 vendors flagged this skill as clean. A clean antivirus verdict covers known-malware signatures in the packaged files; it does not address the design-level findings above.