Pluginvv1.20.1.0

ClawScan security

Selfimprovingagent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 26, 2026, 6:31 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's metadata claims an AI self-improvement purpose, but the bundle contains unexplained CSVs of high-value CEO financial transactions and no runtime instructions — this mismatch and inclusion of sensitive data is suspicious.
Guidance: Do not install or enable this skill until the publisher clarifies why detailed CEO/financial CSVs are included and what the skill actually does. The bundle contains high-value transaction records (likely sensitive personal or corporate financial data) that are unrelated to the skill description; installing could expose that data to the agent. Ask the publisher for: (1) a clear SKILL.md describing runtime behavior and why the CSVs are needed, (2) confirmation that the CSVs are not real sensitive records or should be removed, and (3) the canonical source repo and publisher identity. If you must inspect locally, open the files manually in a safe environment (do not upload them to online services) and remove or sanitize any sensitive rows before enabling the skill. If you don't trust the publisher or can't get a satisfactory explanation, treat the package as unsafe and avoid installation.

Review Dimensions

Purpose & Capability: concernName/description ('Selfimprovingagent' / 'selfimprovingquantumclaw') imply an agent-improvement capability, but the package contains only two CSV files with detailed financial/transaction records and no code or declared resources. There is no clear, legitimate reason those CSVs would be bundled with a self-improvement agent, so the declared purpose does not match the actual contents.
Instruction Scope: concernSKILL.md contains only a title and a one-line description and gives no explicit runtime instructions. Despite that, the skill package includes two CSV files with apparent sensitive financial data. The instructions do not explain how those files should be used (or why they exist), which is scope creep and ambiguous — an agent could nonetheless read and process those files if invoked, potentially exposing sensitive information.
Install Mechanism: okNo install spec, no binaries, and no code files — the skill is instruction-only. From an install-mechanism perspective there is low technical risk because nothing is written to disk or downloaded during install.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The lack of requested credentials is proportionate to the (unclear) functionality, but does not mitigate the concern that sensitive data is embedded in the files.
Persistence & Privilege: okalways is false and model invocation is not disabled (default). There is no attempt to force always-on presence or to modify other skills. Privilege-wise this is standard, but combined with unexplained sensitive files it still warrants caution.