ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Compound 1.0.1

Make your AI agent learn and improve automatically. Reviews sessions, extracts learnings, updates memory files, and compounds knowledge over time. Set up nightly review loops that make your agent smarter every day.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 · 1.9k · 14 current installs · 14 all-time installs
by@AmanGarg1999
duplicate of @lxgicstudios/ai-compound
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises automatic review of sessions and updating memory/agent files (including committing and pushing). The SKILL.md expects access to session data, a git repo, and binaries like 'clawdbot' and 'npx compound-engineering', but the skill metadata lists no required binaries, env vars, or config paths. Either the skill expects implicit access to the host environment (not declared) or it assumes external tooling is already installed — this is an incoherence.
!
Instruction Scope
Runtime instructions direct the agent to "scan all sessions from last 24h", extract sensitive info (preferences, decisions), update MEMORY.md and daily files, and commit/push changes. They also provide cron and launchd setup snippets and suggest writing to user paths (~/clawd, ~/Library/LaunchAgents). The SKILL.md gives the agent broad discretion about where and how to find sessions and how to store/commit extracted content, which could lead to reading arbitrary files or pushing sensitive data to remote repos.
Install Mechanism
There is no install spec and no code files (instruction-only), which is low-risk in itself. However the Quick Start and examples show commands like 'npx compound-engineering' and reference '/opt/homebrew/bin/clawdbot'. Those commands refer to external packages/tools not provided by the skill; the instructions implicitly depend on them but the skill doesn't declare these dependencies.
!
Credentials
The skill declares no required env vars, but the instructions assume the ability to commit and push to git (which requires credentials or stored SSH keys), to run system-level schedulers, and to access file paths for memory and agents. This is a mismatch: the skill asks the agent to perform actions that normally require credentials and file-system permissions without declaring or restricting them.
Persistence & Privilege
The skill does not set 'always: true' and does not request autonomous invocation privileges beyond the platform default. Still, it instructs creating persistent cron/launchd jobs and suggests adding hourly snapshots and nightly reviews — effectively persistent behavior on the host. That persistence is not declared in metadata and could have privacy implications if not reviewed by the user.
What to consider before installing
This skill contains only instructions; it does not ship code or declare credentials, but its runtime steps expect access to session logs, a git repo (commit & push), and external binaries like 'clawdbot' and 'npx compound-engineering'. Before installing or enabling it: 1) Confirm where "sessions" live and ensure the agent is allowed to read only the intended data (avoid exposing PII or secrets). 2) Do not allow automatic commits/pushes of memory files to remote repos unless you trust the destination; consider using a private repo, an isolated local repo, or redaction/encryption of sensitive content. 3) Audit and control the cron/launchd snippets — add them manually rather than letting an agent create them, and ensure paths (/opt/homebrew/bin/clawdbot, ~/clawd) exist and are correct. 4) If you need git pushes, create a dedicated deploy key or token with minimal scope and keep it separate from other credentials. 5) Verify the existence and provenance of any external tools referenced by the instructions (npx package, clawdbot) before running them. 6) If you want to proceed safely, run the review/snapshot workflows manually first, inspect the generated memory files for sensitive data, and only later automate with tightly scoped permissions. If the author can provide the missing details (which binaries are required, where sessions are stored, what git remote is used, or an install package), re-evaluate after those are supplied.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk977dn2hh32bjnz1feknbd86z1804f18

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Compound Engineering

Make your AI agent learn automatically. Extract learnings from sessions, update memory files, and compound knowledge over time.

The idea: Your agent reviews its own work, extracts patterns and lessons, and updates its instructions. Tomorrow's agent is smarter than today's.

Quick Start

# Review last 24 hours and update memory
npx compound-engineering review

# Create hourly memory snapshot
npx compound-engineering snapshot

# Set up automated nightly review (cron)
npx compound-engineering setup-cron

How It Works

The Compound Loop

┌─────────────────────────────────────────┐
│           DAILY WORK                    │
│  Sessions, chats, tasks, decisions      │
└────────────────┬────────────────────────┘
                 │
                 ▼
┌─────────────────────────────────────────┐
│        NIGHTLY REVIEW (10:30 PM)        │
│  • Scan all sessions from last 24h      │
│  • Extract learnings and patterns       │
│  • Update MEMORY.md and AGENTS.md       │
│  • Commit and push changes              │
└────────────────┬────────────────────────┘
                 │
                 ▼
┌─────────────────────────────────────────┐
│        NEXT DAY                         │
│  Agent reads updated instructions       │
│  Benefits from yesterday's learnings    │
└─────────────────────────────────────────┘

What Gets Extracted

  • Patterns: Recurring approaches that worked
  • Gotchas: Things that failed or caused issues
  • Preferences: User preferences discovered
  • Decisions: Key decisions and their reasoning
  • TODOs: Unfinished items to remember

Clawdbot Integration

Automatic Hourly Memory

Add to your HEARTBEAT.md:

# Hourly Memory Snapshot
Every hour, append a brief summary to memory/YYYY-MM-DD.md:
- What was accomplished
- Key decisions made
- Anything to remember

Or use cron:

# Add to clawdbot config or crontab
0 * * * * clawdbot cron run compound-hourly

Nightly Review Job

Add this cron job to Clawdbot:

{
  "id": "compound-nightly",
  "schedule": "30 22 * * *",
  "text": "Review all sessions from the last 24 hours. For each session, extract: 1) Key learnings and patterns, 2) Mistakes or gotchas to avoid, 3) User preferences discovered, 4) Unfinished items. Update MEMORY.md with a summary. Update memory/YYYY-MM-DD.md with details. Commit changes to git."
}

Manual Review Command

When you want to trigger a review manually:

Review the last 24 hours of work. Extract:

1. **Patterns that worked** - approaches to repeat
2. **Gotchas encountered** - things to avoid
3. **Preferences learned** - user likes/dislikes
4. **Key decisions** - and their reasoning
5. **Open items** - unfinished work

Update:
- MEMORY.md with significant long-term learnings
- memory/YYYY-MM-DD.md with today's details
- AGENTS.md if workflow changes needed

Commit changes with message "compound: daily review YYYY-MM-DD"

Memory File Structure

MEMORY.md (Long-term)

# Long-Term Memory

## Patterns That Work
- When doing X, always Y first
- User prefers Z approach for...

## Gotchas to Avoid  
- Don't do X without checking Y
- API Z has rate limit of...

## User Preferences
- Prefers concise responses
- Timezone: PST
- ...

## Project Context
- Main repo at /path/to/project
- Deploy process is...

memory/YYYY-MM-DD.md (Daily)

# 2026-01-28 (Tuesday)

## Sessions
- 09:00 - Built security audit tool
- 14:00 - Published 40 skills to MoltHub

## Decisions
- Chose to batch publish in parallel (5 sub-agents)
- Security tool covers 6 check categories

## Learnings
- ClawdHub publish can timeout, retry with new version
- npm publish hangs sometimes, may need to retry

## Open Items
- [ ] Finish remaining MoltHub uploads
- [ ] Set up analytics tracker

Hourly Snapshots

For more granular memory, create hourly snapshots:

# Creates memory/YYYY-MM-DD-HH.md every hour
*/60 * * * * echo "## $(date +%H):00 Snapshot" >> ~/clawd/memory/$(date +%Y-%m-%d).md

Or have the agent do it via heartbeat by checking time and appending to daily file.

The Compound Effect

Week 1: Agent knows basics Week 2: Agent remembers your preferences
Week 4: Agent anticipates your needs Month 2: Agent is an expert in your workflow

Knowledge compounds. Every session makes future sessions better.

Setup Scripts

Nightly Review (launchd - macOS)

<!-- ~/Library/LaunchAgents/com.clawdbot.compound-review.plist -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "...">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.clawdbot.compound-review</string>
  <key>ProgramArguments</key>
  <array>
    <string>/opt/homebrew/bin/clawdbot</string>
    <string>cron</string>
    <string>run</string>
    <string>compound-nightly</string>
  </array>
  <key>StartCalendarInterval</key>
  <dict>
    <key>Hour</key>
    <integer>22</integer>
    <key>Minute</key>
    <integer>30</integer>
  </dict>
</dict>
</plist>

Hourly Memory (crontab)

# Add with: crontab -e
0 * * * * /opt/homebrew/bin/clawdbot cron run compound-hourly 2>&1 >> ~/clawd/logs/compound.log

Best Practices

  1. Review before sleep - Let the nightly job run when you're done for the day
  2. Don't over-extract - Focus on significant learnings, not noise
  3. Prune regularly - Remove outdated info from MEMORY.md monthly
  4. Git everything - Memory files should be version controlled
  5. Trust the compound - Effects are subtle at first, dramatic over time

Built by LXGIC Studios - @lxgicstudios

Built by LXGIC Studios

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…