Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self-Improving Agent
v1.0.0Build agents that learn from user corrections by updating and following dated rules to improve performance and reduce repeated mistakes over time.
⭐ 0· 127·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the SKILL.md: it aims to log corrections and evolve a RULES.md operating manual. However, the guidance expects the agent to consult a 'projects/' folder and check a calendar before suggesting times — capabilities that go beyond the stated, self-contained 'rules' purpose and are not declared as required resources.
Instruction Scope
SKILL.md directs the agent to create, read, update, and silently scan RULES.md and to modify AGENTS.md. It also tells the agent to check calendar data and include status from a projects/ folder when referencing projects. Those are file-system and external-service actions (and could capture user corrections that contain sensitive data). The instructions use the word 'silently' for periodic scans, which grants the agent ongoing, background discretion to read/write without explicit user prompts.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — low installation risk. Nothing is downloaded or written by a package installer.
Credentials
The skill declares no required env vars or config paths, yet it implies access to calendars, project folders, and email workflows. That mismatch means the skill expects capabilities (read/write workspace files, access to calendar/email) but doesn't declare them, so it's unclear what credentials or filesystem access will be used.
Persistence & Privilege
While always:false, the instructions explicitly require persistent behavior: log every correction, scan RULES.md every ~10 interactions, and automatically update AGENTS.md. That grants ongoing write/read persistence in the agent environment and could produce long-lived files containing user corrections (which may include sensitive info).
What to consider before installing
Before installing, consider that this skill will create and maintain RULES.md and modify AGENTS.md in the agent's workspace and expects the agent to read project folders and check calendars. Ask where RULES.md will be stored and who can read it; ensure file permissions and retention policies are appropriate. Require sanitization rules (strip PII or secrets) before logging corrections. If the agent will access calendars or send emails, only enable those integrations with explicit credentials and review what data it may read. Prefer running this skill in an isolated/test workspace first, or require explicit user confirmation before any automatic writes or background scans. If you need stronger guarantees, request the author add: explicit config for storage location, an allowlist of folders the skill may access, a sanitization policy for logged corrections, and a clear declaration of any external services or credentials it needs.Like a lobster shell, security has layers — review code before you run it.
agentsvk972shxh3924pw1ntzc4h3xvv183cybpimprovementvk972shxh3924pw1ntzc4h3xvv183cybplatestvk972shxh3924pw1ntzc4h3xvv183cybplearningvk972shxh3924pw1ntzc4h3xvv183cybp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.