Cognitive Self Training

Security checks across malware telemetry and agentic risk

Overview

This skill creates a local cognitive-training memory store and an optional scheduled review workflow. Its persistence is disclosed and purpose-aligned, but review the scheduling and memory-file updates before enabling either.

Install only if you want a persistent local training log. Keep the store project-local, decline scheduled automation unless you intentionally want recurring reviews, and review any proposed edits to AGENTS.md, SOUL.md, MEMORY.md, CLAUDE.md, TOOLS.md, or copilot instructions before allowing them. Do not let it record secrets, private transcripts, health details, or third-party personal data.
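The guidance above (keep the store project-local, review any edit to AGENTS.md, SOUL.md, MEMORY.md, CLAUDE.md, TOOLS.md or copilot instructions, do not persist secrets) can be enforced at the point where the agent writes a file. The following is an added example written for this page, not code from the skill or from SkillSpector. The store directory name `.cognitive-training` is taken from the findings; the function names, the `copilot-instructions.md` file name, and the credential-line regex are my assumptions.

```python
import re
from pathlib import Path

# Shared agent control files named on this page; writes to them need explicit user review.
# "copilot-instructions.md" is an assumed file name for the "copilot instructions" entry.
CONTROL_FILES = {"AGENTS.md", "SOUL.md", "MEMORY.md", "CLAUDE.md", "TOOLS.md",
                 "copilot-instructions.md"}
STORE_DIR = ".cognitive-training"
# Heuristic (assumption, not a rule from the skill): "key = value" credential-like lines.
SECRET_LINE = re.compile(r"(?i)\b(api[_-]?key|secret|password|passwd|token)\b\s*[:=]\s*\S+")


class WriteDenied(Exception):
    """Raised when a proposed write violates the project-local / review policy."""


def plan_write(project_root: str, target: str, *, confirmed: bool = False) -> Path:
    """Return the resolved path for an acceptable write, else raise WriteDenied.

    Rules: the path must stay inside the project root; a control file may be
    written only after the user confirmed the proposed edit; anything else must
    live under the skill's own store directory.
    """
    root = Path(project_root).resolve()
    store = root / STORE_DIR
    # `root / target` keeps an absolute target absolute; resolve() collapses ".." and symlinks,
    # so traversal such as "../../etc/cron.d/x" is judged on its real destination.
    resolved = (root / target).resolve()
    try:
        resolved.relative_to(root)
    except ValueError:
        raise WriteDenied(f"{target!r} escapes the project root") from None
    if resolved.name in CONTROL_FILES:
        if not confirmed:
            raise WriteDenied(f"edit to control file {resolved.name} requires user review")
        return resolved
    try:
        resolved.relative_to(store)
    except ValueError:
        raise WriteDenied(f"{target!r} is outside {STORE_DIR}") from None
    return resolved


def is_allowed(project_root: str, target: str, *, confirmed: bool = False) -> bool:
    """Boolean wrapper around plan_write for quick policy checks."""
    try:
        plan_write(project_root, target, confirmed=confirmed)
        return True
    except WriteDenied:
        return False


def has_secret_like_content(content: str) -> bool:
    """True if any line looks like a credential assignment (heuristic)."""
    return any(SECRET_LINE.search(line) for line in content.splitlines())


def write_entry(project_root: str, target: str, content: str, *,
                confirmed: bool = False, dry_run: bool = True) -> str:
    """Validate path and content, then either describe the write (dry run) or perform it."""
    path = plan_write(project_root, target, confirmed=confirmed)
    if has_secret_like_content(content):
        raise WriteDenied("content contains a credential-like line; refusing to persist it")
    if dry_run:
        return f"dry-run: would write {len(content.encode('utf-8'))} bytes to {path}"
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(content, encoding="utf-8")
    return f"wrote {path}"


if __name__ == "__main__":
    # Constructed inputs: a project at /tmp/proj (need not exist; paths are only resolved).
    for t in (".cognitive-training/dreams/2024-01-01.md", "../elsewhere/notes.md",
              "notes/today.md", "AGENTS.md", "/etc/cron.d/review"):
        print(f"{t:45} allowed={is_allowed('/tmp/proj', t)}")
    print(write_entry("/tmp/proj", ".cognitive-training/dreams/2024-01-01.md", "Reviewed the parser."))
```

The dry run is the default so the agent can show the user what it intends to persist before anything touches disk; `confirmed=True` is the only way a control file gets written, and even then only after the path passed the root check.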

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium, confidence 94%

The skill goes beyond formatting or local self-review by instructing the agent to create host-level recurring automation such as cron jobs or thread heartbeats. Persistent automation can outlive the initiating session, trigger without fresh user intent, and expand the skill's operational scope into system/task scheduling, which increases the chance of unwanted actions or persistence abuse.

Context-Inappropriate Capability

Severity: Medium, confidence 96%

The skill authorizes modification of broad instruction and memory files such as AGENTS.md, SOUL.md, TOOLS.md, MEMORY.md, CLAUDE.md, and copilot instructions, which can alter future agent behavior outside the narrow self-training context. Even with partial cautions, this creates a pathway for durable prompt/instruction injection and cross-project behavior changes if the agent writes into shared control files.

Vague Triggers

Severity: Medium, confidence 90%

The activation triggers are overly broad, including common phrases like remember, review, train, improve, or prepare for tomorrow. This can cause the skill to engage during ordinary conversations where the user did not intend durable logging or memory updates, leading to unintended persistence and scope creep.

Vague Triggers

Severity: Medium, confidence 88%

Dream review can be triggered by ambiguous phrases such as 'sleep on it,' 'deeply consolidate,' or 'research today's lessons,' which overlap with ordinary user language. Because dream review writes files and performs structured analysis, broad triggers increase the chance of unrequested persistence or processing of sensitive session content.

Natural-Language Policy Violations

Severity: High, confidence 98%

The skill mandates a Chinese concluding paragraph with no user opt-in, overriding user language preferences and potentially violating downstream formatting or policy constraints. In agent settings, hardcoded output-language requirements can be used to manipulate response behavior, obscure reviewability for some users, and conflict with system or task instructions.

Missing User Warnings

Severity: Medium, confidence 94%

The skill directs the agent to write `.cognitive-training/dreams/YYYY-MM-DD.md` on the local filesystem without requiring explicit user consent, prior disclosure, or a dry-run alternative. In an agent context, implicit file writes can create unauthorized state changes, leak sensitive reasoning into persistent storage, and surprise users who expected analysis-only behavior.

Natural-Language Policy Violations

Severity: Medium, confidence 93%

The template hard-codes a Chinese-language summary requirement ('用不超过300个中文字符', "in no more than 300 Chinese characters") without any indication that this should depend on the user's language preference or explicit opt-in. In an agent skill, this can override user expectations, reduce usability, and cause policy or product noncompliance around localization and consent, especially when the rest of the template is otherwise language-agnostic.
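The seven findings above are all detectable from the skill's instruction text before installation: scheduling terms (cron, heartbeat), write verbs next to control-file names, everyday phrases in the trigger list, unconsented writes into `.cognitive-training/`, and a hard-coded non-English output requirement. The following is an added example that implements those checks over a constructed SKILL.md, written for this page; it is not SkillSpector's scanner and not the skill's own code. The sample skill texts, the `Triggers:` line convention, the category names, and the CJK heuristic for "hard-coded output language" are my assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Control files named in the findings; "copilot-instructions.md" is an assumed file name.
CONTROL_FILES = ("AGENTS.md", "SOUL.md", "MEMORY.md", "CLAUDE.md", "TOOLS.md",
                 "copilot-instructions.md")
WRITE_VERBS = re.compile(r"\b(update|edit|modify|append|write|rewrite)\b", re.I)
# Host-level persistence mechanisms called out in the first finding.
SCHEDULING = re.compile(r"\b(cron|crontab|heartbeat|launchd|systemd)\b", re.I)
# Everyday phrases the two "Vague Triggers" findings list as overly broad.
BROAD_TRIGGERS = {"remember", "review", "train", "improve", "prepare for tomorrow",
                  "sleep on it", "deeply consolidate", "research today's lessons"}
STORE_PATH = re.compile(r"\.cognitive-training/[\w./-]+")
CONSENT = re.compile(r"\b(ask|confirm|consent|dry[- ]run)\b", re.I)
# Heuristic (assumption): CJK ideographs inside an instruction line signal a hard-coded
# output-language requirement such as the one quoted in the last finding.
CJK = re.compile(r"[\u4e00-\u9fff]")


@dataclass
class Finding:
    category: str
    evidence: str
    line: int


def scan_skill(text: str) -> list[Finding]:
    """Run the line-oriented checks above over a SKILL.md body and collect findings."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        if line.lower().startswith("triggers:"):
            phrases = [p.strip() for p in line.split(":", 1)[1].split(",")]
            broad = [p for p in phrases if p.lower() in BROAD_TRIGGERS]
            if broad:
                findings.append(Finding("broad_trigger", ", ".join(broad), n))
        hit_files = [f for f in CONTROL_FILES if f in line]
        if hit_files and WRITE_VERBS.search(line):
            findings.append(Finding("control_file_edit", ", ".join(hit_files), n))
        sched = SCHEDULING.findall(line)
        if sched:
            findings.append(Finding("persistent_automation", ", ".join(sched), n))
        path = STORE_PATH.search(line)
        # A write into the store is only flagged when the same step never asks the user.
        if path and WRITE_VERBS.search(line) and not CONSENT.search(line):
            findings.append(Finding("implicit_file_write", path.group(0), n))
        if CJK.search(line):
            findings.append(Finding("hardcoded_output_language", line.strip(), n))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. for a pre-install gate."""
    return dict(Counter(f.category for f in findings))


# Constructed sample modelled on the findings (not the real skill text).
RISKY_SKILL = """\
# Cognitive Self Training
Triggers: remember, review, train, improve, prepare for tomorrow
## Steps
1. Write the day's reflection to .cognitive-training/dreams/YYYY-MM-DD.md
2. Add a crontab entry or thread heartbeat so the review runs nightly.
3. Update AGENTS.md and CLAUDE.md with the new lessons.
4. End with a summary 用不超过300个中文字符.
"""

# Constructed sample showing what a compliant rewrite would look like.
SAFE_SKILL = """\
# Cognitive Self Training
Triggers: start cognitive training session, log training reflection
## Steps
1. Ask the user to confirm, then write the reflection to .cognitive-training/dreams/YYYY-MM-DD.md
2. Do not create scheduled jobs; the user runs the review manually.
"""

if __name__ == "__main__":
    for name, text in (("risky", RISKY_SKILL), ("safe", SAFE_SKILL)):
        found = scan_skill(text)
        print(name, summarize(found))
        for f in found:
            print(f"  line {f.line}: {f.category}: {f.evidence}")
```

The consent regex is deliberately per-line: a "confirm with the user" sentence three steps earlier does not excuse a later unconditional write, which mirrors how the "Missing User Warnings" finding reads the skill. Keyword checks like these are a triage aid, not a verdict; the `SAFE_SKILL` case shows that a negated mention ("Do not create scheduled jobs") still needs a reviewer's eye if the term list is widened.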

VirusTotal

66/66 vendors reported this skill as clean.
