Agent Learner

Security checks across malware telemetry and agentic risk

Overview

Agent Learner is a local logging tool for agent experiments whose behaviour is disclosed in its documentation; the main caution is that it stores user-entered prompts and notes in plaintext on disk.

Install only if you want a local plaintext notebook for agent experiments. Do not log API keys, customer data, confidential prompts, private model instructions, or sensitive evaluation results unless local plaintext storage, later search, and export are acceptable in your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The skill is presented as a benchmarking/comparison tool, but the documented behavior is materially broader: it supports persistent logging across many categories, full-text search, export of all stored data, and filesystem/activity reporting. That mismatch can cause users or upstream systems to grant trust or pass sensitive prompt, evaluation, or cost data without realizing it will be retained and later searchable/exportable, increasing confidentiality risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The documentation emphasizes plain-text persistent logs, history retention, and export capabilities, but does not warn users that prompts, benchmark inputs, evaluations, or cost/usage records may contain secrets, proprietary data, or personal information. In an agent-tuning context this is more dangerous because prompts and evaluation artifacts often embed API keys, internal instructions, customer data, or model outputs that should not be broadly retained or exported.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: User-supplied input is silently persisted to disk under ~/.local/share/agent-learner, with no consent prompt, redaction, or warning. In the context of an agent-tuning skill, inputs may contain prompts, evaluation outputs, API fragments, or proprietary model data, so silent retention can expose sensitive information to other local users, backups, support bundles, or later exports.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The export feature aggregates all stored logs into json/csv/txt files without any privacy warning, filtering, or access controls. That makes it easy to duplicate sensitive historical content into broadly shareable files, increasing the chance of accidental disclosure of prompts, evaluation records, or embedded credentials.

Ssd 3

Severity: Medium
Confidence: 95%
Finding: The tool is designed to persist all user inputs and then expose them through search, recent-display, status, and bulk export functions in plaintext workflows. For a skill dealing with prompts and evaluations, this materially increases the risk of local data leakage because sensitive model inputs/outputs can be surfaced or recopied long after entry, even if users did not realize collection was happening.

VirusTotal

66/66 vendors flagged this skill as clean.