Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workspace

v1.0.0

Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...

⭐ 0· 495·1 current·1 all-time

by@2575674813

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md describes a self-improving memory/heartbeat system which legitimately needs to read/write a small set of workspace files. However the bundle includes hundreds of code files (searchers, scrapers, installers, system-permission scripts, skill-publisher/evolver tools, identity utilities, aggressive optimization/plagiarism-reduction tooling, get-pip, install scripts, etc.). The registry metadata said 'instruction-only' / 'no install spec' and 'no required env vars', yet the repository contains modules that expect API keys, perform web scraping, install packages, and modify skills. The presence of a large research+automation suite (slug 'bridge-research-suite') is disproportionate to the simple 'Self-Improving' description and suggests either a bundled platform or accidental mismatch.

Instruction Scope

SKILL.md instructs the agent to create and use ~/self-improving/, to read AGENTS.md, SOUL.md, USER.md and daily memory files, and to run setup.md when missing. Those operations require file-system read/write and potentially running setup scripts. The repo contains many setup/install scripts (setup_*.sh, install_system_packages.sh, install_skills.py, extract-skill.sh) and automation hooks that the SKILL.md implies could be executed; the instructions also encourage proactive background actions and pushing changes — that gives the agent broad discretion to modify files and run installers beyond the narrow 'memory' scope.

Install Mechanism

The skill is claimed to be instruction-only (no install spec) but the package includes many executable scripts, install helpers (get-pip.py, setup_*.sh, install_skills.py), and archives. Because there is no declared install mechanism, these code files might not normally run — but SKILL.md's 'run setup.md' guidance and included scripts provide a pathway to execute arbitrary installs. The repository does not point to trusted external release hosts for binary downloads; local scripts could install packages or change system state if executed.

Credentials

Registry metadata claims 'no credentials required' yet code contains components that clearly expect credentials (e.g., academic_paper_searcher.Aca demicPaperSearcher requires a ScraperAPI api_key), network access for scrapers, and identity modules (verified-agent-identity) that handle keys and signatures. SKILL.md lists configPaths like ~/self-improving/ (file-system access) and optional AGENTS.md/SOUL.md which lets the skill read and write personal workspace files. The set of requested/implicit accesses (filesystem, network, potential API keys, ability to install packages) is broader than the declared zero-env-vars, which is an incoherence and privacy/credential risk.

Persistence & Privilege

always:false (good), and default platform autonomy is allowed. However included files express 'auto_skill_override' and 'skill publisher' / 'auto_solidify_no_ask' behavior (e.g., absolute_silence_v14.json and capability-evolver/publisher code) that would autonomously solidify or publish skills without prompting. The package contains scripts for installing skills, modifying permissions, and self-repair — combined with autonomous invocation this could persist or escalate privileges. The SKILL.md itself recommends proactive background work and writing to workspace files, which grants ongoing presence in the user's filesystem.

What to consider before installing

This package contains an instruction-only SKILL.md that makes sense for a self-improving memory, but the repository also includes hundreds of scripts and automation tools that can install packages, run scrapers, change permissions, modify or publish skills, and read/write user files. Before installing or enabling this skill: 1) Do not run it with autonomous execution turned on; require explicit confirmation for any actions that write files or run scripts. 2) Inspect setup.md and any install_*.sh / install_skills.py / extract-skill.sh before allowing them to run — prefer to run these in an isolated sandbox or ephemeral VM. 3) Do not supply any API keys or credentials unless you audit exactly which component needs them (e.g., ScraperAPI) and why. 4) Search the repo for phrases like "auto_solidify", "auto_skill_override", "install_skills", "install_system_packages.sh", "get-pip.py", and "gui_permission" and review those files carefully — they indicate the skill can change system state and autonomously persist. 5) If you want only the small self-improving memory behavior, ask the author for a minimal variant that only reads/writes a narrow, user-approved directory and removes any installers, scrapers, skill-publisher, or identity tooling. 6) If you proceed, run first in an isolated environment with network disabled (or strictly limited) and no access to your real credentials or important files.

✗

skills/capability-evolver/index.js:214