Self Improving Agent 3.0.0
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill appears purpose-aligned and not malicious, but it should be reviewed because it persists agent memories/instructions and documents cross-session sharing without clear approval boundaries.
Install only if you want a persistent learning and memory workflow. Before enabling hooks or using cross-session tools, decide which files it may write, require approval before promoting learnings into agent instruction files, redact secrets from errors and transcripts, and periodically review or delete stored learnings.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or sensitive learning could be saved and then influence future agent behavior or expose private project details in later sessions.
The skill explicitly stores learnings/errors and promotes them into files that become future agent context. Incorrect, sensitive, or poisoned entries could persist and be reused, and the artifacts do not show required redaction, retention, rollback, or user-review controls.
“important learnings get promoted to project memory” and “OpenClaw injects these files into every session: ... AGENTS.md ... SOUL.md ... TOOLS.md ... MEMORY.md ... .learnings/”
Require explicit user approval before promoting entries to AGENTS.md, SOUL.md, TOOLS.md, MEMORY.md, CLAUDE.md, or Copilot instructions. Add redaction guidance and periodically review or prune .learnings and memory files.
Private conversation content or project context could be moved between sessions, and background agents could continue work without clear user visibility.
The documented workflow includes cross-session transcript access, message sending, and background sub-agent spawning, but the artifacts do not define identity checks, session-selection limits, approval requirements, or data boundaries.
“sessions_history — Read another session's transcript”, “sessions_send — Send a learning to another session”, “sessions_spawn — Spawn a sub-agent for background work”
Use cross-session tools only with explicit user approval. Limit which sessions can be read or messaged, avoid sending full transcripts or secrets, and require confirmation before spawning sub-agents.
If enabled, the hooks will run in the same local environment as the agent, so they inherit the agent's local permissions.
The skill documents opt-in hook commands that execute local shell scripts. This is disclosed and purpose-aligned, and the reviewed scripts only emit reminders or create user-directed local scaffolding.
“type”: “command”, “command”: “./skills/self-improvement/scripts/activator.sh” ... “Hook scripts run with the same permissions as Claude Code”
Inspect the scripts before enabling hooks, keep hook configuration project-scoped where possible, and disable the hooks if persistent reminders are not desired.
Future sessions may receive self-improvement reminders automatically, which can influence the agent to record or promote learnings.
When the optional OpenClaw hook is enabled, it automatically injects a reminder into agent bootstrap context. This is disclosed and limited to a reminder, but it is persistent behavior across sessions.
event.context.bootstrapFiles.push({ path: 'SELF_IMPROVEMENT_REMINDER.md', content: REMINDER_CONTENT, virtual: true })Enable the hook only if you want recurring startup reminders, and disable it if the skill becomes intrusive or if memory changes should be fully manual.