Skill v1.0.0
ClawScan security
Chinese version, self-evolution engineering, making your hands-on practice more valuable · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 1:19 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: This skill is coherent with its stated purpose (a local self-improving memory system) and contains only local file operations — no network calls or secret requests — but it persistently writes global, cross-project memory files and SKILL.md makes a small claim (project-file sync) that the included code does not implement.
- Guidance: This skill appears to do what it says: it locally logs errors, corrections, best practices and knowledge gaps and exposes a check_memory tool for pre-execution checks. It does not contact external endpoints or ask for credentials. Before installing, consider:
  1. Privacy — the skill will write potentially sensitive command text, errors and user corrections to ~/.openclaw/memory/self-improving as plaintext JSONL (no encryption).
  2. Persistence — corrections and best practices are kept indefinitely unless manually removed; cleanup only targets some resolved errors and archived gaps.
  3. The SKILL.md mentions also writing to project files (CLAUDE.md / AGENTS.md) but the provided code does not implement that — if you expect project-file sync, don't assume it's happening.
  4. If you want to limit exposure, review or sandbox the directory, restrict file permissions, or modify the scripts to redact sensitive fields or shorten stored content.
  5. If you dislike automatic pre-check behavior, avoid enabling autonomous triggers or adjust the agent's policies so these scripts are only run when you explicitly request them.
Review Dimensions
- Purpose & Capability (note): The name/description (self-improving memory system) matches the included scripts: check_memory, log_error, log_correction, log_best_practice, log_knowledge_gap, manage_memory and supporting memory_utils. All operations are local and related to the stated purpose. One inconsistency: SKILL.md says important memories are also written to the current project's CLAUDE.md or AGENTS.md (project-level), but none of the included code writes to those project files — the code only writes under ~/.openclaw/memory/self-improving.
- Instruction Scope (note): Runtime instructions require the agent to run the provided Python scripts before executing commands and when corrections/errors/best-practices are detected. That is consistent with the skill's goal. Be aware the instructions expect the agent to call these scripts for many actions (e.g., before any shell command), which will cause frequent reads/writes of local memory files. The SKILL.md's claim of writing project files is not realized in code.
- Install Mechanism (ok): No install spec; code is bundled with the skill and runs as local Python scripts. No downloads, no external package installs, and no unusual filesystem locations beyond the user's home under ~/.openclaw/memory/self-improving.
- Credentials (note): The skill requests no environment variables or external credentials, which is appropriate. However, it will persist user-visible content (commands, errors, corrections, best practices, possibly full command text) in JSONL files under ~/.openclaw/memory/self-improving. This can include sensitive commands/outputs; there is no encryption or network exfiltration in the code.
- Persistence & Privilege (concern): Memory is stored globally (cross-project) and persists by default: corrections and best_practices are never auto-cleaned per manage_memory.py; cleanup only removes certain resolved errors/archived knowledge gaps. The skill is not always:true, but its default autonomy (agent can invoke) plus persistent global storage increases privacy exposure. If you enable automatic invocation, the agent may repeatedly read/write these global files.
