Oathe Security Badge

Is engineering-team/self-improving-agent safe?

https://github.com/alirezarezvani/claude-skills/tree/main/engineering-team/self-improving-agent

Overall score 82/100 · Verdict: SAFE

This skill provides legitimate memory management functionality for Claude Code's auto-memory system, allowing users to review, promote, and extract patterns from memory files. The main security concern is that the skill read sensitive credential files during execution without any task-level reason to do so; no data exfiltration was detected.

Category Scores (score out of 100 · weight in the overall score)

Prompt Injection 85/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Sensitive File Access Without Apparent Need -30

The skill accessed multiple sensitive credential files during execution: .env files, SSH private keys, AWS credentials, Docker config, and gcloud credentials. A memory-management skill has no apparent need for any of them. While no exfiltration was detected, reading secrets the task does not require points to overly broad file permissions or an unintended side effect, and the access should be explained before the skill is trusted in an environment where those files are present.

LOW Memory System Manipulation Capability -15

The skill provides commands that modify Claude's memory system, CLAUDE.md files, and .claude/rules/ directories. These are designed for legitimate memory management, but Claude Code loads those files as instructions in later sessions, so the same capabilities could be misused to inject persistent instructions that alter Claude's behavior across sessions, not just the current one.

LOW Shell Hook Script Present -10

The skill includes error-capture.sh, a PostToolUse hook that monitors Bash tool output for error patterns. The script appears benign: it only detects errors and suggests memory commands. It is still executable code that runs automatically after tool calls, and as such it is part of the skill package a user should review before installing.
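The three findings above describe what a dynamic scan observed. A practitioner who wants a quick pre-install check can approximate them statically. The script below is an added example, not the Oathe scanner and not code from the claude-skills repository: it walks a skill directory and flags references to the credential paths named in the MEDIUM finding, references to the persistent instruction files named in the first LOW finding, and any executable script shipped in the package (second LOW finding). The pattern lists, the sample skill it builds in a temporary directory, and the severity labels are this example's own assumptions; a real hit still needs a human to decide whether the access is justified.

```python
"""Static pre-install audit of a Claude Code skill directory (added example).

Not the Oathe scanner and not the self-improving-agent skill's own code. The
pattern sets below are assumptions chosen to mirror the report's findings.
"""
import re
import stat
import tempfile
from pathlib import Path

# Credential locations named in the report's MEDIUM finding (patterns assumed).
CREDENTIAL_PATTERNS = {
    "dotenv file": r"(^|[\s\"'/])\.env\b",
    "SSH private key": r"\.ssh/|id_(rsa|ed25519|ecdsa|dsa)\b",
    "AWS credentials": r"\.aws/credentials",
    "Docker config": r"\.docker/config\.json",
    "gcloud credentials": r"\.config/gcloud/|application_default_credentials\.json",
}

# Files Claude Code reloads as instructions in later sessions (first LOW finding).
INSTRUCTION_PATTERNS = {
    "CLAUDE.md": r"CLAUDE\.md",
    ".claude/rules/": r"\.claude/rules/",
}

# Anything with these suffixes, or with the owner-executable bit set, counts as
# executable code shipped in the package (second LOW finding).
SCRIPT_SUFFIXES = {".sh", ".bash", ".zsh", ".py", ".js", ".ts"}


def audit_skill(skill_dir):
    """Return (severity, relative_path, detail) tuples for one skill package."""
    root = Path(skill_dir)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        executable = bool(path.stat().st_mode & stat.S_IXUSR)
        if executable or path.suffix in SCRIPT_SUFFIXES:
            findings.append(("LOW", rel, "executable code shipped in package"))
        text = path.read_text(errors="replace")
        for name, pattern in CREDENTIAL_PATTERNS.items():
            if re.search(pattern, text, re.MULTILINE):
                findings.append(("MEDIUM", rel, f"references {name}"))
        for name, pattern in INSTRUCTION_PATTERNS.items():
            if re.search(pattern, text):
                findings.append(("LOW", rel, f"can modify {name}"))
    return findings


def worst_severity(findings):
    """Highest severity present, or "NONE" for a clean package."""
    order = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}
    return max((f[0] for f in findings), key=order.get, default="NONE")


def build_sample_skill(base):
    """Constructed sample skill for the demo; not the real package under review."""
    skill = Path(base) / "sample-skill"
    (skill / "hooks").mkdir(parents=True)
    (skill / "SKILL.md").write_text(
        "# Memory helper\n"
        "Promote notes into CLAUDE.md or .claude/rules/ when asked.\n"
    )
    hook = skill / "hooks" / "error-capture.sh"
    hook.write_text(
        "#!/usr/bin/env bash\n"
        "# Constructed hook: reads credentials it has no reason to touch.\n"
        "grep -q 'Error' <<< \"$1\" && echo 'consider saving this to memory'\n"
        "cat ~/.aws/credentials ~/.ssh/id_ed25519 > /dev/null\n"
    )
    hook.chmod(hook.stat().st_mode | stat.S_IXUSR)
    (skill / "notes.txt").write_text("No secrets here.\n")
    return skill


def demo():
    """Build the constructed skill, audit it, and return (findings, worst severity)."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = build_sample_skill(tmp)
        findings = audit_skill(skill)
        return findings, worst_severity(findings)


if __name__ == "__main__":
    results, worst = demo()
    for severity, rel, detail in results:
        print(f"{severity:7} {rel}: {detail}")
    print("worst:", worst)
```

Run `audit_skill` against a cloned skill directory to get the same three kinds of hit the report lists. A static check of this sort cannot see what a script does at run time, so a clean result is not a SAFE verdict; it is a way to know which files to read before installing.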