cpppp
v1.0.0Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⭐ 0· 289·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md, scripts, and hooks all implement a self-improvement / learning-capture workflow (reminders, logging to .learnings/, helper to extract skills). That matches the stated purpose. However, registry metadata doesn't match the internal package: the top-level registry name/slug is 'cpppp' while the SKILL.md and _meta.json reference 'self-improving-agent' / 'self-improvement' and different ownerIds. This mismatch is unexpected and should be validated with the publisher.
Instruction Scope
Runtime instructions stay within the stated purpose: they output reminders, detect command errors from CLAUDE_TOOL_OUTPUT, and provide helpers to scaffold skills and promote learnings. The scripts will create or modify local files (e.g., mkdir -p ~/.openclaw/workspace/.learnings, writing skill scaffolds under ./skills). The skill also documents promotion and inter-session tools (sessions_history, sessions_send), which — if used or enabled in OpenClaw — could surface learnings (and any sensitive content) across sessions. No instructions in SKILL.md instruct exfiltration or network calls beyond optional git clone from a public GitHub repo.
Install Mechanism
There is no formal install spec; this is instruction + local scripts. Manual install instructions recommend cloning from GitHub (https://github.com/peterskoett/pskoett-ai-skills), which is a normal pattern but an external source you should trust. No remote downloads or archive extraction are executed automatically by the skill itself; the included scripts are local and opt-in.
Credentials
The skill declares no required environment variables or credentials. The error-detector script reads CLAUDE_TOOL_OUTPUT (an agent-provided env var) which is appropriate for detecting command output. There are no unrelated secret/env requests in the manifest or SKILL.md.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. It does suggest copying hooks into ~/.openclaw/hooks and creating workspace files under ~/.openclaw/workspace/.learnings, which grants it persistent local presence if you follow the instructions. Hooks and scripts run with the same permissions as the agent runtime, so enabling them lets those scripts run at session events — this is expected but increases blast radius compared to a purely instruction-only skill.
What to consider before installing
Before installing: 1) Verify the publisher and source because the registry metadata (slug/name/owner) does not match the SKILL.md/_meta.json inside the package — ask the publisher to confirm they packaged the intended repo. 2) Inspect the included scripts (activator.sh, error-detector.sh, extract-skill.sh) yourself and run them only in a safe environment; extract-skill.sh will create files under ./skills and the activator and error-detector are meant to be enabled as hooks. 3) Be careful when enabling hooks globally (openclaw hooks enable ...) — they will run with the agent's permissions and may cause learnings to be written to your workspace; review .learnings/ for sensitive data before promoting entries or using inter-session features (sessions_send, sessions_history). 4) If you need higher assurance, test in an isolated account or sandbox, or request a signed/official release URL from the maintainer rather than cloning an arbitrary repo. 5) If you decide to proceed, keep the integration local and avoid promoting logs that may contain secrets or credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk975w3gyffgzzrkfbayxmwv335822vy1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.