Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
小花自我迭代 (HuaNiu Enhanced)
v1.0.0小花专用自我迭代技能 - 基于 self-improving-agent 增强,集成 OpenClaw 工作流、MEMORY.md、百度千帆、看想做找四部曲。专为国内部署优化。
⭐ 0· 350·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included files and instructions: the SKILL.md, hooks, and scripts implement reminders, error detection, and a helper to extract learnings into new skills. References to China-friendly tooling (Baidu, Ollama) are documented as integration options rather than required credentials. There is a minor metadata mismatch (package _meta.json says 'self-improving-agent' v2.0.0 while registry entry is 'xiaohua-self-improving' v1.0.0) but this looks like a fork/branding difference rather than malicious behavior.
Instruction Scope
Runtime instructions and hooks operate on workspace files (MEMORY.md, .learnings/, WORKFLOW_AUTO.md) and inject short reminders during bootstrap or after tool use. The error-detector reads the CLAUDE_TOOL_OUTPUT environment variable (expected for a PostToolUse hook). The docs mention OpenClaw session APIs (sessions_history, sessions_send, sessions_spawn) as available capabilities — these are examples and not used by the provided hook code, but they are powerful (can read/send cross-session data) and worth noting before enabling cross-session features.
Install Mechanism
No downloader or package install is declared (instruction-only with bundled scripts and hooks). All included scripts are plain shell/JS/TS files; there are no remote fetches, URL shorteners, or archive extraction behaviors in the manifest. This is a low-risk install model assuming you review and opt-in to enable hooks.
Credentials
The skill declares no required environment variables or credentials. Scripts use CLAUDE_TOOL_OUTPUT (a runtime tool-output variable) which is expected for an error-detection hook. There are no requests for AWS/GitHub/other unrelated keys or secrets in the files.
Persistence & Privilege
always:false and user-invocable:true (default). Hooks/scripts are opt‑in: enabling them requires explicit user config (openclaw hooks enable or adding entries to settings files). The scripts run with the same permissions as the user/agent process — standard for hooks — and they do not modify other skills' configurations.
Assessment
This skill appears internally consistent and implements short, opt‑in reminders and error-detection hooks for an OpenClaw workspace. Before enabling it: 1) review the hook scripts (hooks/openclaw/handler.{js,ts}, scripts/*.sh) to confirm you accept their behavior; they will run with the same user permissions as the agent. 2) If you enable hooks globally (~/.claude or ~/.openclaw settings), prefer a sandbox workspace first to verify outputs. 3) Note extract-skill.sh writes to a relative ./skills directory but validates paths to avoid absolute or '..' writes — still confirm the target directory. 4) The skill references cross-session APIs in docs; those are powerful — only enable inter-session features if you trust the environment. 5) There are no credentials requested by this skill; services like Baidu/OLLAMA are mentioned as optional integrations and would require separate configuration. If you want higher assurance, run the scripts in a controlled environment (non-production user) before enabling them in your main workspace.Like a lobster shell, security has layers — review code before you run it.
chinavk9713fz3qggg6j51dy18hhe8cn824gbzlatestvk9713fz3qggg6j51dy18hhe8cn824gbzopenclawvk9713fz3qggg6j51dy18hhe8cn824gbzxiaohuavk9713fz3qggg6j51dy18hhe8cn824gbz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.