Skill v1.0.1
ClawScan security
AI self-evolution project, built from self-improvement techniques combined with lessons drawn from actual runs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 1:43 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent: it documents a local "learnings" workflow, provides helper scripts and an OpenClaw hook to remind agents to read/write .learnings, and does not request credentials or remote endpoints.
- Guidance
- This skill looks coherent and doesn't ask for credentials or remote downloads, but it does read and write local files when enabled. Before installing or enabling hooks: (1) inspect the scripts (activator.sh, error-detector.sh, extract-skill.sh, handler.js/ts) yourself; (2) decide where .learnings/ should live (project vs ~/.openclaw/workspace) and add it to .gitignore if you don't want entries tracked; (3) prefer enabling only the UserPromptSubmit activator and avoid enabling high-frequency PostToolUse hooks unless you want frequent checks; (4) be cautious about running extract-skill.sh in untrusted contexts since it will create files in the workspace; and (5) if you operate in a multi-user or shared-repo environment, review what the agent may persist to avoid leaking sensitive command output or credentials accidentally recorded in learnings.
Review Dimensions
- Purpose & Capability
- ok: The name/description (self-improvement / recording errors & learnings) aligns with what the repository contains: documentation, helper scripts to detect errors, and an OpenClaw hook that injects reminders. Files and scripts (activator, error detector, extract helper, hook handlers) are appropriate for this purpose.
- Instruction Scope
- note: SKILL.md instructs the agent to read and append entries under .learnings/ (or a workspace path) and to run simple grep-based checks and review/summary flows. That scope is consistent with a learning-capture skill, but it does involve reading/writing local files and scanning recent entries; enablement therefore grants the agent the ability to persist notes to the workspace or home workspace. The instructions do not instruct network exfiltration or reading unrelated credential/config files.
- Install Mechanism
- ok: There is no automated install spec. This is effectively instruction + optional scripts. The included scripts are local shell/JS files; they are not downloaded from arbitrary URLs and contain readable, non-obfuscated code. The extraction helper writes to a relative ./skills directory but has checks to avoid absolute paths and .. traversal.
- Credentials
- ok: The skill requires no secrets or credentials. Scripts reference the CLAUDE_TOOL_OUTPUT and CLAUDE_EXIT_CODE environment variables (platform-provided hook context), which is expected for PostToolUse hooks. No unrelated tokens, keys, or secret paths are requested.
- Persistence & Privilege
- note: always:false (normal). Enabling the hooks (activator, PostToolUse) will cause the agent to run the provided scripts on agent events and may cause the agent to create or update files under .learnings/ or ./skills/ if the extraction helper is run. Hooks and scripts run with the same privileges as the agent, so review/limit hook enablement and the target .learnings location to avoid writing sensitive files into a shared repo or exposing private data.
