self-improving-agent

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but it stores agent learnings and error context in persistent files and can promote or share them without enough privacy and scope safeguards.

Install only if you want a persistent agent learning-memory workflow. Keep hooks project-scoped where possible, avoid global empty-match hooks in sensitive workspaces, and review entries before saving or promoting them. Do not store raw secrets, tokens, customer data, private prompts, full environment dumps, or sensitive stack traces in .learnings/, MEMORY.md, AGENTS.md, SOUL.md, TOOLS.md, or cross-session messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

High
Confidence: 82%
Finding
This guidance recommends a user-level always-on hook with an empty matcher, causing a command to run on every prompt across all projects and sessions. Because hooks execute external scripts with the agent's permissions, global persistence materially increases blast radius and makes any compromised or unsafe script far more dangerous.

Ssd 3

Medium
Confidence: 93%
Finding
The skill instructs the agent to immediately persist failures, corrections, capability gaps, and best practices into reusable workspace files, but it does not impose any filtering for secrets, personal data, tokens, proprietary prompts, or sensitive business context. In practice, user corrections and error logs often contain confidential inputs or tool output, so indiscriminate persistence can create durable local data leakage and unintended retention.

Ssd 3

Medium
Confidence: 95%
Finding
The templates explicitly capture fields such as user feedback, context, requested capability, source, related files, and detailed error text. Those fields can easily preserve sensitive user-supplied material, internal paths, operational details, or confidential error traces in long-lived files, making later exposure or over-sharing more likely.

Ssd 3

Medium
Confidence: 96%
Finding
The skill recommends syncing high-value learning to `MEMORY.md`, sharing key learning across sessions with `sessions_send`, and promoting repeated issues into broader rule files. This materially increases risk because data originally provided in one interaction can propagate across sessions, collaborators, or future tasks without consent boundaries, amplifying any earlier privacy leak.

VirusTotal

64/64 vendors flagged this skill as clean.