Cpppselfimprovingagent123123
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, sensitive, or prompt-injection-like learning could be saved and reused in later sessions, changing the agent's behavior or exposing context beyond the original task.
The skill explicitly stores learnings and promotes them into files that become future agent context. The artifacts do not clearly require user review, redaction, or protection against untrusted text before these persistent instructions are reused.
OpenClaw injects these files into every session ... Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md`
Require explicit user approval before promoting learnings into agent instruction or memory files; redact secrets and raw tool output; keep entries project-scoped; and provide cleanup/retention guidance.
Every enabled session may receive an extra self-improvement reminder, which can nudge the agent to log or promote learnings.
When enabled, the hook persistently injects a reminder into each agent bootstrap. This is disclosed and purpose-aligned, and the code only injects text, but it is still persistent context behavior.
if (event.type !== 'agent' || event.action !== 'bootstrap') { return; } ... event.context.bootstrapFiles.push({ path: 'SELF_IMPROVEMENT_REMINDER.md', content: REMINDER_CONTENT, virtual: true })Enable the hook only if you want recurring startup reminders, and disable it if it becomes intrusive or if you do not want persistent learning behavior.
If used carelessly, learnings or transcript content could be shared across sessions, or background agents could be started with more context than intended.
The documentation describes cross-session transcript reading, messaging, and background sub-agent spawning. The artifacts do not show automatic use, but they do not define approval or data-boundary rules either.
sessions_history ... Read transcript from another session ... sessions_send ... Send message to another session ... sessions_spawn ... Spawn a background sub-agent
Ask the user before reading another session, sending session messages, or spawning sub-agents; share only the minimal sanitized learning needed.
Installing from an unverified external repository could fetch content different from the reviewed registry artifact.
The manual install instructions rely on an external unpinned GitHub repository. This is user-directed and not automatically executed, but users should verify that repository before cloning or enabling hooks from it.
git clone https://github.com/peterskoett/self-improving-agent.git ~/.openclaw/skills/self-improving-agent
Prefer the reviewed registry package or pin and inspect the exact commit before manually cloning external code.