cpskilltest222
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect or maliciously influenced learnings could become lasting instructions that affect future agent behavior.
The skill directs the agent to write learned content into persistent instruction/context files that may be reused by future sessions. That is central to the skill, but the artifacts do not clearly require user review before promotion.
Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md`
Only allow promotion to persistent instruction files after explicit user confirmation, and review entries before they are added to CLAUDE.md, AGENTS.md, SOUL.md, TOOLS.md, or copilot-instructions.md.
If enabled, the skill will keep adding self-improvement reminders to future sessions until the hook is disabled.
The optional hook persists as an enabled bootstrap hook and injects reminder context into future sessions. The included handler only adds a reminder, so this is disclosed and purpose-aligned, but it changes ongoing agent context.
Fires on `agent:bootstrap` ... Adds a reminder block to check `.learnings/` for relevant entries
Enable the hook only if you want persistent reminders, and disable it if it becomes intrusive or no longer matches your workflow.
Learnings or transcript details could be shared across sessions if the agent uses these tools without careful scoping.
The documentation describes reading other session transcripts, sending messages to sessions, and spawning sub-agents. These are purpose-aligned examples, but the artifacts do not define privacy or permission boundaries for cross-session sharing.
sessions_history(sessionKey="session-id", limit=50) ... sessions_send(sessionKey="session-id", message="Learning: API requires X-Custom-Header") ... sessions_spawn(task="Research X and report back", label="research")
Avoid sending sensitive transcript content between sessions unless the user explicitly approves and the destination session is known.
A user following the instructions could install or trust a different package than the one being reviewed.
The evaluated registry metadata identifies the skill as `cpskilltest222`, while the installation instructions point to `self-improving-agent`; `_meta.json` also uses a different slug/version. This mismatch creates package identity and provenance ambiguity.
clawdhub install self-improving-agent
Clarify the package identity, align the registry slug, _meta.json, and install instructions, and provide a trustworthy homepage/source before installation.
If configured, local scripts will run automatically on hook events with the same permissions as the agent environment.
The setup guide shows optional hook configuration that runs local shell scripts on prompt submission or after Bash tool use. The provided scripts mainly print reminders and do not show destructive behavior, so this is expected for the purpose.
"command": "./skills/self-improvement/scripts/activator.sh"
Review the scripts before enabling hooks, keep them scoped to reminder output, and avoid enabling global hooks unless you want this behavior in all projects.