Skill v1.1.0

ClawScan security

cpskilltest111 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 1, 2026, 3:43 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with a self-improvement logging hook: it injects a bootstrap reminder, provides optional hook scripts that detect errors and scaffold skills, and does not request credentials or reach out to external endpoints — but review the included scripts before enabling hooks because they will run with agent/user permissions and one script reads an environment variable that is not declared in the SKILL.md.
Guidance
This skill appears to do what it says: inject reminders, detect command errors, and help create learning entries and extracted skills. Before enabling it you should:
1) Read the included scripts (hooks/openclaw/handler.{js,ts}, scripts/*.sh) to confirm you're comfortable with what they do.
2) Be aware that enabling the hook copies code into your OpenClaw hooks and will run at agent bootstrap or PostToolUse events with the agent's permissions — only enable if you trust the code.
3) Note that error-detector.sh reads CLAUDE_TOOL_OUTPUT (not declared in the frontmatter); verify that your environment does not expose sensitive data in that variable or adjust the script.
4) If you plan to use extract-skill.sh, run it in a safe/test directory first (it creates files), and review its output.
5) Prefer enabling hooks at a project level or with a matcher filter (so they run only for relevant sessions) rather than enabling them globally.
If you want higher assurance, run the skill in an isolated test user account or sandbox before enabling it in your day-to-day environment.

Review Dimensions

Purpose & Capability
ok
The name/description (capture learnings, errors, corrections) aligns with the included materials: hook handlers, activator and error-detector scripts, learning templates, and an extractor script. Files and instructions (create .learnings, copy hooks to ~/.openclaw/hooks, enable hooks) are appropriate for the stated purpose.
Instruction Scope
note
SKILL.md instructs the agent/user to copy hooks into the OpenClaw hooks directory, enable hooks, and create workspace files. Those actions are expected for this kind of skill, but the instructions assume writing files in the user's home directory (~/.openclaw) and running scripts via hook configuration, so make sure you intend to grant that local file-write and execution capability. The SKILL.md claims some scripts only output text, but extract-skill.sh can create new files when run (this is intended).
Install Mechanism
ok
There is no remote download/install spec; the package is instructions plus local scripts and hook handlers. No URLs/archives are fetched during install. Risk is limited to the user opting to copy/enable the shipped files locally (opt-in).
Credentials
concern
The skill declares no required environment variables, but scripts reference CLAUDE_TOOL_OUTPUT (error-detector.sh reads it). That env var is not listed in requires.env/frontmatter. CLAUDE_TOOL_OUTPUT could contain arbitrary tool output (possibly sensitive), so the mismatch between declared env usage and actual usage is a gap the user should note.
Persistence & Privilege
note
always:false (normal). However, enabling the hook (copying files into ~/.openclaw/hooks and running openclaw hooks enable) grants code that runs on agent lifecycle events the same permissions as the agent process. This is expected for a hook-based skill but is a meaningful privilege: enabling hooks should be an explicit opt-in and reviewed beforehand.