小花自我迭代 (HuaNiu Enhanced)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is not showing exfiltration or destructive code, but it needs review because it can persistently change agent memory, behavior files, hooks, and OpenClaw configuration.
Install only if you want a self-improving agent that writes persistent learning records and can influence future sessions. Before using it, set rules that require your confirmation before modifying MEMORY.md, SOUL.md, TOOLS.md, AGENTS.md, openclaw.json, or restarting services.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect, private, or over-broad notes could become persistent instructions that change how the agent behaves in later tasks.
The skill tells the agent to promote session learnings into long-term memory and behavior/tool instruction files, including when uncertain. These files can influence future sessions, but the artifacts do not require user review before promotion.
`.learnings/LEARNINGS.md (详细上下文) ↓ MEMORY.md (团队通用知识) ↓ SOUL.md (行为准则/人格) ↓ TOOLS.md (工具使用模式)` ... `积极提升 - 有疑问就加到 MEMORY.md`
Require explicit user approval before writing to MEMORY.md, SOUL.md, TOOLS.md, or AGENTS.md; keep entries scoped, reviewable, and easy to remove.
The agent could change local OpenClaw behavior or interrupt the running gateway if it follows this workflow too proactively.
The workflow directs the agent to modify OpenClaw configuration and restart the gateway. That is a high-impact local environment action, and the artifact does not state that the agent must get user confirmation first.
当模型上下文与文档不符时: `更新 openclaw.json 匹配现实` ... `重启网关:Stop-Process → 等 2 秒 → openclaw gateway`
Treat configuration edits and process restarts as approval-required actions, and back up openclaw.json before changing it.
Future sessions may be nudged to log or promote learnings even when that is not the main user task.
The hook injects an additional self-improvement reminder into the agent bootstrap context. This is disclosed and purpose-aligned, but it still changes the prompt context for sessions where the hook is enabled.
event.context.bootstrapFiles.push({ path: 'SELF_IMPROVEMENT_REMINDER.md', content: REMINDER_CONTENT, virtual: true })Enable the hook only if you want this behavior, and disable it when you do not want persistent self-improvement reminders.
If used carelessly, information from one session could be shared with another session or a background agent without clear separation.
The reference material documents cross-session transcript reading, messaging, and background sub-agent spawning. This is integration documentation rather than active code, but users should understand the data-boundary implications.
`sessions_history` Read transcript from another session ... `sessions_send` Send message to another session ... `sessions_spawn` Spawn a background sub-agent
Use cross-session tools only with explicit intent, and avoid sending private or unrelated task context to other sessions.
It may be harder to tell exactly which upstream package/version this skill came from.
The package metadata differs from the registry identity shown for this evaluation, which lists the skill as xiaohua-self-improving version 1.0.0. This looks like a fork/packaging mismatch rather than malicious behavior, but it is a provenance gap.
`"name": "self-improving-agent"` ... `"version": "2.0.0"`
Verify the publisher and intended fork before installing, and prefer packages with consistent registry and package metadata.