Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaopi Self Improving

v1.0.0

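AI self-improvement and memory system - addresses the pain point of "repeating the same kind of mistake and not remembering user corrections". Automatically captures errors, user corrections, and best practices, and converts them into long-term memory.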

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description and the provided Python scripts (log_error, log_correction, log_best_practice, check_memory) are coherent with a local self-improvement/memory feature that writes JSONL records under ~/.openclaw/memory/self-improving. No unrelated credentials, binaries, or installers are requested. However, SKILL.md claims additional capabilities (automatic cross-project sync to .learnings/, AGENTS.md, MEMORY.md) that are not implemented in the included code—an overstatement of capability.
Instruction Scope
SKILL.md repeatedly describes automatic triggers (capture on command failures, capture on user corrections via keywords, automatic edits to AGENTS.md and project files) but the codebase contains only simple CLI scripts; there is no listener/daemon, no code that writes to project .learnings/, AGENTS.md, or MEMORY.md, and no mechanism to hook into shell exit codes or chat input. The instructions therefore grant the agent broad discretion (to auto-run scripts, modify project files) that the code does not actually implement — this mismatch could mislead users and cause surprises if an agent is configured to implement the 'automatic' behavior. Also, there is no sanitization of recorded content: commands and error messages written to disk could contain secrets.
Install Mechanism
No remote install/download steps, no external packages, and no install spec. The skill is distributed as local scripts and SKILL.md; no network retrieval or archive extraction is present in the package, which lowers supply-chain risk.
Credentials
The skill requires no credentials or environment variables — proportional given its local-memory purpose. However, it writes arbitrary user-supplied strings (commands, errors, corrections) to persistent JSONL files in the user's home directory; that can inadvertently capture sensitive data (passwords, tokens) if those appear in commands or messages. SKILL.md recommends '脱敏' (desensitization) but there is no code enforcing it.
Persistence & Privilege
The skill is not marked always:true and requests no elevated privileges. It creates and writes files under the user's home (~/.openclaw/memory/self-improving) which is expected for this feature. If an agent is configured to autonomously invoke the scripts, the agent could populate persistent memory — this is normal platform behavior but combined with the instruction scope mismatch and lack of sanitization increases privacy risk.
What to consider before installing
This skill appears to be a simple local recorder for errors, corrections, and best practices — the shipped scripts match that. However, SKILL.md claims automatic cross-project syncing and automatic captures that are not implemented in the code; do not assume the skill will safely and automatically sanitize or sync memories. Before installing or enabling autonomous invocation:
1) Inspect and test the scripts in a safe environment; run them manually to see what gets written under ~/.openclaw/memory/self-improving.
2) Avoid passing secrets in commands or messages the skill might record; consider adding or requesting sanitization before use.
3) If you expect 'automatic' behavior (capture on every failed command or every chat correction), realize additional integration code or agent policies would be required — otherwise nothing will be auto-triggered.
4) If you want automatic syncing to project files or AGENTS.md, ask the author for a clear, auditable implementation (or implement it yourself) rather than relying on the SKILL.md claims.
5) If enabling autonomous agent invocation, restrict when the agent can call these scripts and review recorded files regularly (or put the memory directory under a repo with review) to reduce accidental data leakage.

Like a lobster shell, security has layers — review code before you run it.
