Skillv1.0.0

ClawScan security

Xiucheng Self Improving Bwm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 16, 2026, 6:36 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code broadly matches a self-improvement logger/analysis tool, but the SKILL.md claims and metadata contain inconsistencies (automatic per-session analysis, default file paths, and owner metadata) and the code will read/write files in the agent workspace, so review and test before installing.
Guidance: This package looks like a simple local analyzer/logger, but there are several mismatches you should resolve before installing: (1) Verify the source and owner (homepage/repo and ownerId mismatch). (2) Confirm where it will write files — the code uses /root/.openclaw/workspace (not the ./ defaults in SKILL.md). If you don't want it touching /root, change the workspace path. (3) SKILL.md promises 'automatic analysis after each session' but the code provides only a manual API/CLI — if you expect automatic hooking into your agent lifecycle, you'll need to implement or review that integration. (4) Be aware it will create/append improvement_log.md and can modify SOUL.md (agent personality). Test the skill in an isolated environment or sandbox, inspect and (if needed) patch the workspace path, and review the GitHub repo history/owner before granting it access to any production agent.

Review Dimensions

Purpose & Capability: concernThe name/description match a conversation-quality analyzer and the included Python implements analysis, logging, reporting and SOUL.md suggestions — so the core capability aligns. However, SKILL.md claims 'automatic analyzes conversations after each session' while the Python exposes only a manual API/CLI and no session hook; SKILL.md lists default config paths (./improvement_log.md, ./SOUL.md) but the code hardcodes workspace='/root/.openclaw/workspace'. Also the _meta.json ownerId differs from the registry ownerId, which is a metadata mismatch that deserves verification.
Instruction Scope: concernSKILL.md asserts automatic per-session analysis and integration with a 'memory-manager', but the code does not read conversation history, does not call any agent APIs, and does not integrate with a memory-manager — it only analyzes text passed into analyze_conversation and reads/writes files in the workspace. The code does not access environment variables or network, but it does create/modify improvement_log.md and SOUL.md in the workspace which can change persisted agent personality/data.
Install Mechanism: okNo install spec and no remote downloads — the skill is instruction-only with a bundled Python file. That lowers supply-chain risk; nothing is fetched from external URLs during install.
Credentials: noteThe skill requests no credentials or env vars, which is proportional. However, it uses a hardcoded workspace path (/root/.openclaw/workspace) and will create/append files there (improvement_log.md) and read/write SOUL.md. While expected for a learning/logging tool, this persistence means it can modify agent personality/configuration files — be aware and check the path and file ownership before use.
Persistence & Privilege: okalways:false and no special privileges requested. The skill persists data to the agent workspace and can update SOUL.md (personality anchor), which is within the claimed scope but has a broad behavioral impact on future agent responses; it does not modify other skills or global system settings.