Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aj Self Improving Agent

v1.0.0

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill’s code (hook handlers, activator, error-detector, extract-skill) and docs are coherent with the stated purpose of logging learnings and injecting reminders. Recommending copy/enable of hooks into OpenClaw/Claude and providing scripts to create skill scaffolds is expected for this use case. Minor inconsistency: SKILL.md suggests cloning from two different GitHub usernames (peterskoett vs pskoett), which should be verified by the user.
! Instruction Scope
The SKILL.md explicitly recommends appending 'Full source of all included files' into error logs and to 'review these carefully' — that encourages storing entire file contents (potentially including secrets, credentials, or private endpoints) in .learnings. The docs also promote elevating entries to workspace-wide files and cross-session sharing (sessions_send), increasing blast radius if sensitive data is logged. The hooks/scripts instruct reading CLAUDE_TOOL_OUTPUT and placing files under ~/.openclaw or ~/.claude — these are reasonable for the feature but widen scope and risk when enabled broadly.
Install Mechanism
There is no automated install spec (instruction-only), which is low-risk. Manual install guidance points at public GitHub repos (git clone) — normal for community skills, but verify the correct repository and checksum. All code is included in the package (hooks and scripts) so nothing is downloaded at runtime. extract-skill.sh writes files into the local workspace but includes checks to avoid absolute or parent-path writes.
! Credentials
requires.env lists no secrets (good), but scripts assume runtime environment variables and paths: error-detector.sh reads CLAUDE_TOOL_OUTPUT (not declared) and the docs instruct modifying ~/.claude or ~/.openclaw settings. The skill also encourages promoting learnings to shared workspace files and using sessions_send/sessions_spawn — none of which require credentials, but they could expose logged content. Requesting no credentials is proportionate, but the instructions cause the agent to capture broad file contents, which is disproportionate to 'reminder' behavior.
Persistence & Privilege
always: false and user-invocable: true (normal). The skill provides optional hooks that the user may enable in global user settings (~/.claude/settings.json or ~/.openclaw/hooks). If a user enables these globally, the activator/error-detector scripts will run for many sessions with the same user permissions — that is expected but increases potential impact, so enable only when intentional.
What to consider before installing
This skill appears to do what it says (inject reminders and help you log learnings) and the included scripts/hooks are plausible, but proceed cautiously:

1) Do NOT blindly paste whole source files or logs that may contain credentials into .learnings — redact secrets before logging.
2) Review the scripts/hooks (activator.sh, error-detector.sh, extract-skill.sh and handler.ts/js) before enabling; error-detector reads CLAUDE_TOOL_OUTPUT and extract-skill.sh will write files in the workspace.
3) Prefer enabling hooks per-project (not global) so they don't run in unrelated sessions.
4) Verify the GitHub repository URLs referenced in the README (two different usernames are mentioned) before cloning.
5) If you intend to promote learnings or use sessions_send, ensure those logs are scrubbed or stored in an access-controlled place to avoid accidental data leakage.

If you want, I can point out the exact lines to remove or change to reduce secret-exfiltration risk.

Like a lobster shell, security has layers — review code before you run it.
