Skill v0.1.0

ClawScan security

Self Improvement · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 16, 2026, 1:33 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, scripts, and runtime instructions are consistent with a self-improvement / logging helper for OpenClaw-style agents and do not request unrelated credentials or perform unexpected network operations.
Guidance
This skill appears to do what it claims, but review a few things before enabling hooks:
1) Inspect scripts (activator.sh, error-detector.sh, extract-skill.sh) locally to confirm you're comfortable with their behavior and make them executable only if appropriate.
2) Be aware that CLAUDE_TOOL_OUTPUT may contain command output (potentially secrets); the skill only scans for error patterns, but your .learnings/ files may end up containing snippets of tool output, so avoid logging sensitive data.
3) When enabling the OpenClaw/agent hook, enable it consciously (it will inject reminders into sessions you opt into).
4) If you plan to run extract-skill.sh, run with --dry-run first and ensure the output directory is within the workspace you intend (the script enforces relative paths).
5) As with any third-party repo, consider vetting the GitHub source and commit history before cloning into ~/.openclaw/skills.

Review Dimensions

Purpose & Capability
ok
Name/description (capture learnings, errors, promote to workspace files) align with what is included: logging templates, hook handlers that inject reminders, an activator and error-detector script, and a helper to extract skills. Nothing in the bundle requires unrelated capabilities such as cloud credentials or network access.
Instruction Scope
ok
SKILL.md and the hooks/scripts restrict behavior to: injecting a virtual reminder at bootstrap, printing lightweight reminders on prompt/command lifecycle events, scanning tool output for error-like patterns, and scaffolding skill files locally. Scripts read CLAUDE_TOOL_OUTPUT (expected platform variable) and create files under relative paths; they do not transmit data externally or access unrelated system config.
Install Mechanism
ok
No automated remote installer or download-from-arbitrary-URL is used. Installation is manual (git clone or clawdhub). All included scripts are present in the repo; no extract-from-unknown-URL behavior was found.
Credentials
ok
The skill declares no required env vars or credentials. The scripts rely on platform-provided CLAUDE_TOOL_OUTPUT to detect errors, which is appropriate for an error-detection hook. No unrelated secret or credential access is requested.
Persistence & Privilege
ok
The skill is not always-enabled and requires opt-in hook configuration. The hook/handler injects a virtual bootstrap file when enabled but does not modify other skills' configs or request elevated/system-wide privileges.