Self Evolution Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives the agent broad self-modification, long-term memory, cross-session sharing, and scheduled review behavior without enough user control.

Install only if you intentionally want an agent that keeps long-term self-learning notes and may change future agent guidance. Require manual approval before saving sensitive content, promoting notes into instruction files, syncing sessions, spawning agents, scheduling reviews, or publishing generated skills; redact secrets and confidential project details from learning logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
Broad trigger phrases that resemble everyday language can activate the skill unintentionally during normal conversation. In this skill, unintended activation is more dangerous because activation leads to persistent logging, possible extraction, and potential sharing workflows.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The activation logic mixes explicit phrases with subjective criteria such as '发现一个非显而易见的解决方案' and repeated mistakes, making it unpredictable when the skill will run. That ambiguity increases the chance of silent data capture or background workflow changes without the user's informed intent.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs automatic logging of conversation-derived material to persistent local files without warning the user or establishing consent boundaries. Because the logged content can include corrections, errors, context, and discoveries, sensitive or proprietary data may be retained longer than expected.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
Cross-session synchronization and history access enable movement of conversation-derived data between sessions without clear notice, consent, or scope limitation. This broadens exposure beyond the originating interaction and can leak sensitive project or user information into unrelated contexts.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
Scheduled self-review via cron can process stored user-derived data in the background after the original interaction has ended. Without notice and controls, this creates ongoing privacy and governance risk because retained data may be revisited or transformed without fresh user awareness.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The skill promotes reading session history and maintaining persistent learning logs across sessions without clear minimization boundaries. In context, a self-evolution skill is especially sensitive because it is designed to accumulate and correlate user-provided content over time, increasing privacy and data-governance risk.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The logging templates broadly encourage storing corrections, inputs, context, and metadata from conversations, which can capture sensitive information far beyond what is needed for learning. Persistent structured retention makes later exposure, misuse, or unintended propagation more likely.

VirusTotal

38/38 vendors flagged this skill as clean.
