Skill v1.0.0

ClawScan security

cpppp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 1, 2026, 1:59 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The bundle is largely a coherent 'self-improvement' reminder/logging skill, but there are metadata inconsistencies (registry vs. internal files) and a few operational risks (local file writes, optional hooks that can expose session data) that you should review before installing.
Guidance
Before installing:
1) Verify the publisher and source because the registry metadata (slug/name/owner) does not match the SKILL.md/_meta.json inside the package — ask the publisher to confirm they packaged the intended repo.
2) Inspect the included scripts (activator.sh, error-detector.sh, extract-skill.sh) yourself and run them only in a safe environment; extract-skill.sh will create files under ./skills and the activator and error-detector are meant to be enabled as hooks.
3) Be careful when enabling hooks globally (openclaw hooks enable ...) — they will run with the agent's permissions and may cause learnings to be written to your workspace; review .learnings/ for sensitive data before promoting entries or using inter-session features (sessions_send, sessions_history).
4) If you need higher assurance, test in an isolated account or sandbox, or request a signed/official release URL from the maintainer rather than cloning an arbitrary repo.
5) If you decide to proceed, keep the integration local and avoid promoting logs that may contain secrets or credentials.

Review Dimensions

Purpose & Capability
note
The SKILL.md, scripts, and hooks all implement a self-improvement / learning-capture workflow (reminders, logging to .learnings/, helper to extract skills). That matches the stated purpose. However, registry metadata doesn't match the internal package: the top-level registry name/slug is 'cpppp' while the SKILL.md and _meta.json reference 'self-improving-agent' / 'self-improvement' and different ownerIds. This mismatch is unexpected and should be validated with the publisher.
Instruction Scope
note
Runtime instructions stay within the stated purpose: they output reminders, detect command errors from CLAUDE_TOOL_OUTPUT, and provide helpers to scaffold skills and promote learnings. The scripts will create or modify local files (e.g., mkdir -p ~/.openclaw/workspace/.learnings, writing skill scaffolds under ./skills). The skill also documents promotion and inter-session tools (sessions_history, sessions_send), which — if used or enabled in OpenClaw — could surface learnings (and any sensitive content) across sessions. No instructions in SKILL.md instruct exfiltration or network calls beyond optional git clone from a public GitHub repo.
Install Mechanism
note
There is no formal install spec; this is instruction + local scripts. Manual install instructions recommend cloning from GitHub (https://github.com/peterskoett/pskoett-ai-skills), which is a normal pattern but an external source you should trust. No remote downloads or archive extraction are executed automatically by the skill itself; the included scripts are local and opt-in.
Credentials
ok
The skill declares no required environment variables or credentials. The error-detector script reads CLAUDE_TOOL_OUTPUT (an agent-provided env var) which is appropriate for detecting command output. There are no unrelated secret/env requests in the manifest or SKILL.md.
Persistence & Privilege
note
The skill does not request always:true and does not modify other skills' configs. It does suggest copying hooks into ~/.openclaw/hooks and creating workspace files under ~/.openclaw/workspace/.learnings, which grants it persistent local presence if you follow the instructions. Hooks and scripts run with the same permissions as the agent runtime, so enabling them lets those scripts run at session events — this is expected but increases blast radius compared to a purely instruction-only skill.