中文版本,自我进化工程,让你的身体力行更有价值
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a disclosed self-learning memory system, but it gives persistent memories broad authority over future behavior and writes them across projects without clear approval, scoping, or cleanup controls.
Review this skill carefully before installing. It appears to be a local-only memory tool with no network exfiltration in the provided code, but it is designed to automatically save and reuse interaction history across sessions and projects. Use it only if you are comfortable with persistent agent memory, and consider adding approval prompts, secret redaction, scoped project-only storage, and controls before it modifies CLAUDE.md or AGENTS.md.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private commands, error output, preferences, or project details could be saved and reused in later sessions.
The skill automatically stores commands, errors, corrections, and other interaction details into a global persistent memory store. Those records may contain sensitive project details or secrets, and the artifacts do not show redaction or per-entry user approval.
当命令执行失败(退出码非0)或出现异常时,立即记录 ... --command "失败的命令" --error "错误信息" ... 重要记忆同时写入:~/.openclaw/memory/self-improving/(全局,跨项目生效)
Install only if you want persistent cross-session memory; avoid logging secrets, inspect ~/.openclaw/memory/self-improving regularly, and add redaction/approval rules before automatic logging.
The agent may follow old or poisoned stored instructions instead of the current task’s best guidance.
The skill makes retrieved memory highly authoritative, including over conflicting current operations. If a memory is stale, wrong, or adversarially introduced, it could redirect future agent behavior.
如果记忆与当前操作冲突,优先遵循记忆中的纠正记录 ... corrections(用户明确纠正) > 一切
Treat memories as advisory, not authoritative; require current-user confirmation before applying memories that conflict with the active request, system rules, or safety constraints.
A mistaken or malicious memory could spread into project instruction files and influence future work beyond the original conversation.
The skill instructs the agent to propagate memories into both global storage and project-level agent instruction files, which can affect later sessions, other agents, and possibly teammates using the same project.
重要记忆同时写入:~/.openclaw/memory/self-improving/(全局,跨项目生效)- 当前项目 CLAUDE.md 或 AGENTS.md(项目级偏好)
Require explicit user approval before modifying CLAUDE.md or AGENTS.md, clearly label generated memory entries, and provide an easy rollback path.
The agent will run local helper scripts often and may create or update local memory files during normal use.
The skill relies on frequent local Python helper execution. This is purpose-aligned for a memory skill, but broad because it is requested before nearly every substantive action.
在执行任何命令、生成代码、推荐方案之前,先调用记忆检查:python3 ~/.openclaw/skills/self-improving-agent/check_memory.py --query "关键词"
Review the helper scripts and memory directory permissions, and limit automatic invocation if you do not want background-style memory checks.
If installed under a different directory name, the agent may not call the reviewed helper files, or it may call an unrelated local script with the same path.
The SKILL.md hard-codes a helper path using self-improving-agent, while the supplied registry metadata lists slug ai-self-learning and included metadata identifies self-improving-agent-cn. This mismatch could cause failed execution or accidental use of a different local path.
python3 ~/.openclaw/skills/self-improving-agent/check_memory.py --query "关键词"
Use a path derived from the installed skill location or align the registry slug, metadata, and documented helper paths.