Self Improving Agent CN

Security checks across malware telemetry and agentic risk

Overview

This skill is a local memory helper, but it automatically stores and propagates user corrections, project details, and guidance for future agent runs without adequate user-approval controls.

Install it only if you deliberately want persistent local agent memory. Before using it, require explicit approval for each memory write, for any update to AGENTS.md or MEMORY.md, for git backups and cross-project sync, and for any sudo or global install command. Regularly inspect the stored JSONL memory entries and delete any that contain secrets, private paths, or bad guidance.
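The inspection step above can be run offline against the skill's JSONL memory files. The script below is an added example, not code from the skill or from SkillSpector: the entry schema in the constructed sample and the specific regexes are assumptions, and anything they flag goes to a quarantine list rather than being deleted silently, so a reviewer can look before removing.

```python
from __future__ import annotations

import json
import re

# Added example (not the skill's own code): an offline audit of the JSONL memory
# files this skill keeps, such as errors.jsonl under ~/.openclaw/memory/self-improving/.
# The entry schema used in the sample ({"ts": ..., "kind": ..., "content": ...}) is an
# assumption for illustration; the patterns scan every field of each entry anyway.

SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "api_token": re.compile(r"\b(?:sk|ghp|xox[abp])-[A-Za-z0-9_-]{16,}\b"),
    "credential_assignment": re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*[=:]\s*\S+"),
}

PRIVATE_PATH_PATTERNS = {
    "home_dir_path": re.compile(r"(?:/home|/Users)/[A-Za-z0-9._-]+/"),
    "credential_dir": re.compile(r"~/\.(?:ssh|aws|gnupg|kube)\b"),
}

RISKY_GUIDANCE_PATTERNS = {
    "sudo_command": re.compile(r"\bsudo\s+\S+"),
    "global_package_install": re.compile(r"\b(?:npm|pnpm|yarn)\s+(?:install|add|i)\s+(?:-g|--global)\b"),
    "pipe_to_shell": re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba)?sh\b"),
}


def classify_entry(entry: dict) -> list[str]:
    """Return the names of every pattern the entry matches; empty means it may stay."""
    text = json.dumps(entry, ensure_ascii=False)  # serialise so nested fields are scanned too
    flags = []
    for group in (SECRET_PATTERNS, PRIVATE_PATH_PATTERNS, RISKY_GUIDANCE_PATTERNS):
        flags.extend(name for name, pattern in group.items() if pattern.search(text))
    return flags


def audit_jsonl(text: str) -> tuple[list[dict], list[tuple[dict, list[str]]]]:
    """Split JSONL text into entries to keep and (entry, flags) pairs to quarantine.

    Lines that do not parse are quarantined as well: a file the agent re-reads on
    every run should not carry content nobody can account for.
    """
    kept, quarantined = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            quarantined.append(({"line": lineno, "raw": raw}, ["unparseable_line"]))
            continue
        flags = classify_entry(entry)
        if flags:
            quarantined.append((entry, flags))
        else:
            kept.append(entry)
    return kept, quarantined


# Constructed sample memory file; none of these lines come from a real installation.
SAMPLE_JSONL = "\n".join([
    json.dumps({"ts": "2024-05-01T10:00:00Z", "kind": "error",
                "content": "npm install failed with EACCES on ~/.npm"}),
    json.dumps({"ts": "2024-05-01T10:02:00Z", "kind": "fix",
                "content": "worked after sudo npm install -g typescript"}),
    json.dumps({"ts": "2024-05-02T09:00:00Z", "kind": "preference",
                "content": "deploy key is AKIAABCDEFGHIJKLMNOP, kept in /home/alice/.aws/credentials"}),
    json.dumps({"ts": "2024-05-02T09:05:00Z", "kind": "preference",
                "content": "prefer pnpm over npm for monorepos"}),
    "not json at all",
])

if __name__ == "__main__":
    kept, quarantined = audit_jsonl(SAMPLE_JSONL)
    print(f"kept {len(kept)} entries, quarantined {len(quarantined)}")
    for entry, flags in quarantined:
        print(f"  {', '.join(flags)}: {json.dumps(entry, ensure_ascii=False)}")
```

Run it against the real file by replacing SAMPLE_JSONL with the file contents; the patterns are a starting point and should be extended with the token formats and internal hostnames specific to your environment.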

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill explicitly describes reading and writing persistent files such as ~/.openclaw/memory/self-improving/, .learnings/, AGENTS.md, and MEMORY.md, but does not declare corresponding permissions. Hidden or undeclared file access weakens user consent and platform enforcement, especially because the writes are automatic and persistent across sessions and projects.

Vague Triggers
Severity: Medium
Confidence: 94%
Finding: The trigger phrases for user corrections (such as '不对', '错了', '应该') are extremely broad and can appear in ordinary conversation. This can cause the skill to persist unintended content as long-term memory, including sensitive or context-specific statements that were never meant to become durable preferences.

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The 'better method' triggers are ambiguous and may activate on casual suggestions or hypothetical discussion rather than durable guidance. In a self-improving skill, this can poison future behavior by storing low-quality, unverified, or context-bound advice as a best practice.

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The outdated-knowledge triggers ('过时了', '已废弃', '新版是') are too broad to safely drive automatic memory updates. An accidental or adversarial statement could mark correct guidance as obsolete and replace it with incorrect instructions that persist into later sessions.
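The correction and outdated-knowledge trigger findings above share one root cause: a substring match on phrases such as '不对', '应该' or '过时了' is treated as authorization to write memory. The gate below is an added example, not the skill's code. It contrasts the broad matches with a narrower correction pattern and requires a confirmation that names the destination before anything reaches project memory, AGENTS.md/MEMORY.md, or cross-project sync. The scope names, the approval phrase, and the narrow patterns are assumptions of this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Added example (not the skill's own code). It shows why the trigger phrases quoted in
# the findings must not by themselves cause a persistent write, and how an explicit
# approval gate in front of each destination closes that gap. The scope names, the
# approval phrase and the narrow correction patterns are assumptions made for this example.

# Trigger phrases exactly as the findings quote them, grouped as the findings group them.
BROAD_TRIGGERS = {
    "correction": ("不对", "错了", "应该"),
    "outdated": ("过时了", "已废弃", "新版是"),
}

# Persistent destinations the findings list, from smallest to largest blast radius:
# project-local memory, AGENTS.md/MEMORY.md read on every future run, cross-project sync.
SCOPES = ("project_memory", "agent_instructions", "global_sync")

# Narrow forms: an explicit negation followed by the replacement ("不对，应该用 pnpm"),
# or an explicit old->new statement ("X 过时了，新版是 Y"). A bare "应该" does not qualify.
CORRECTION_RE = re.compile(r"^(?:不对|错了)[，,。\s]*(?:应该是|应该用|应该)\s*(?P<fix>.+)$")
OUTDATED_RE = re.compile(r"^(?P<old>.+?)(?:过时了|已废弃)[，,。\s]*新版是\s*(?P<new>.+)$")


def broad_hits(utterance: str) -> list[str]:
    """What the skill's substring triggers would fire on; shown only to expose over-matching."""
    return [kind for kind, phrases in BROAD_TRIGGERS.items() if any(p in utterance for p in phrases)]


def narrow_extract(utterance: str) -> tuple[str, str] | None:
    """Return (kind, content) only when the utterance has the shape of a real correction."""
    text = utterance.strip()
    m = CORRECTION_RE.match(text)
    if m:
        return "correction", m.group("fix").strip()
    m = OUTDATED_RE.match(text)
    if m:
        return "outdated", f"{m.group('old').strip()} -> {m.group('new').strip()}"
    return None


@dataclass
class Proposal:
    kind: str
    content: str
    scope: str
    approved: bool = False


@dataclass
class MemoryGate:
    """Writes go through observe() -> approve(); nothing is stored on a trigger alone."""
    store: dict = field(default_factory=lambda: {scope: [] for scope in SCOPES})
    pending: list = field(default_factory=list)

    def observe(self, utterance: str, scope: str = "project_memory") -> Proposal | None:
        if scope not in SCOPES:
            raise ValueError(f"unknown scope {scope!r}")
        extracted = narrow_extract(utterance)
        if extracted is None:
            return None  # broad trigger or plain chatter: no proposal, let alone a write
        proposal = Proposal(*extracted, scope=scope)
        self.pending.append(proposal)
        return proposal

    def approve(self, proposal: Proposal, confirmation: str) -> bool:
        """Persist only on a confirmation that names the destination; 'ok' is not enough."""
        if proposal not in self.pending or confirmation.strip() != f"approve write to {proposal.scope}":
            return False
        proposal.approved = True
        self.pending.remove(proposal)
        self.store[proposal.scope].append({"kind": proposal.kind, "content": proposal.content})
        return True


if __name__ == "__main__":
    # Constructed utterances: two contain trigger phrases but are ordinary statements.
    for utterance in ("这个函数应该返回一个列表", "不对，应该用 pnpm 安装依赖",
                      "那篇文章已经过时了", "webpack 4 过时了，新版是 webpack 5"):
        print(f"{utterance!r}: broad={broad_hits(utterance)} narrow={narrow_extract(utterance)}")
```

The narrow patterns are deliberately strict and will miss some genuine corrections; in this design that is the safe failure, because a missed correction costs a repeat of the mistake, while a false positive written to AGENTS.md is replayed on every future run.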

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill advertises automatic recording and synchronization into multiple persistent locations, but does not present a clear upfront warning or consent flow for these writes. Users may unknowingly permit durable storage of personal preferences, corrections, and project content across scopes they did not intend.

Vague Triggers
Severity: Medium
Confidence: 85%
Finding: The description claims broad self-improvement and long-term memory behavior without defining when the skill should activate, what data it may retain, or what boundaries govern its operation. In a meta-skill that captures errors, user corrections, and best practices, vague scope can lead to over-collection, unintended persistence of sensitive user content, and unexpected autonomous behavior across unrelated tasks.

Ssd 3
Severity: Medium
Confidence: 96%
Finding: Cross-project synchronization of corrections and preferences into global memory, .learnings/, AGENTS.md, and MEMORY.md creates a real data retention and data leakage risk. Context-specific or sensitive information from one project can be propagated into another environment, exposing private details and contaminating future outputs.

Ssd 3
Severity: Medium
Confidence: 95%
Finding: Automatic logging of user corrections and related session content can capture sensitive information, secrets, internal paths, or private preferences embedded in natural language. Because the logging is persistent and later reused, the harm extends beyond the original conversation and may influence future actions or disclosures.

Sudo/Root Execution
Severity: Medium
Category: Privilege Escalation
Content (from the skill's SKILL.md, translated):
**AI action**:
1. Log the error to `errors.jsonl`
2. Check memory before the next run
3. Automatically switch to: `sudo npm install -g xxx` or a local install

### Scenario 3: Discovering a better approach
Confidence: 88%
Finding: sudo

Session Persistence
Severity: Medium
Category: Rogue Agent
Content (from the skill's SKILL.md, translated):
```bash
# Create the memory directory
mkdir -p ~/.openclaw/memory/self-improving

# Use this skill
cat ~/.openclaw/skills/self-improving-agent/SKILL.md
```
Confidence: 87%
Finding (matched excerpt, translated): mkdir -p ~/.openclaw/memory/self-improving # Use this skill cat ~/.openclaw/skills/self-improving-agent/SKILL.md ``` ## Usage ### 1. Record errors (automatic) When a command fails, it is automatically recorded to the error store: ```bash # The script captures and records automatically python3 ~/.openclaw/sk

VirusTotal

65/65 vendors reported this skill as clean.