Auto Reflection

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local reflection helper that writes learning summaries and status files, with cautions about persistence but no evidence of malware.

Install only if you want an automatic local reflection workflow that writes to the OpenClaw workspace. Review or back up HEARTBEAT.md, capabilities.json, knowledge-graph.json, logs, and generated reports, and consider narrowing triggers or requiring confirmation before writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger list includes broad natural-language terms such as 'reflection' and '学习优化', which could match ordinary user conversation and cause the skill to activate unintentionally. Because the skill is documented as performing automatic updates and file writes, accidental activation could lead to unexpected state changes and persistence without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The automatic trigger conditions are underspecified: phrases like 'every 5 rounds' and 'after each learning round' do not define what counts as a round, who tracks it, or what user consent is required. Ambiguous automation boundaries increase the risk of the skill running unexpectedly and modifying files or metadata at times the user did not intend.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill states that it will automatically insert reflection content into HEARTBEAT.md, which is a persistent file modification, but it does not present a clear warning, confirmation step, or scope limitation. Silent or poorly signposted writes can overwrite user-maintained content, create audit noise, or persist sensitive summaries in project files.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The documented behavior includes saving reflection reports to disk and updating capabilities metadata timestamps and versions, yet there is no clear warning about persistent writes, retention, or possible exposure of internal analysis data. In practice, this can create unintended data persistence, leak workflow history, and alter metadata relied on by other tools.

VirusTotal

65/65 vendors flagged this skill as clean.