Super Self Improving
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only self-improvement skill is broadly transparent and purpose-aligned, but it would create persistent user/behavior memories and describes agent scheduling/context caching that users should manage carefully.
Before installing, decide whether you want the agent to keep long-term local memories about preferences, behavior patterns, feedback, and performance. Keep sensitive information out of those memories, review or delete the ~/.super-self-improving directory when needed, and avoid running any missing CLI/script implementation from an untrusted source.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect, overly broad, or sensitive memories could be reused in later tasks and bias the assistant’s responses.
The skill directs the agent to keep persistent memories, including always-loaded memory and inferred feedback, which can affect future context and behavior.
~/.super-self-improving/ ... memory/ ... hot.md # 始终加载 (<100行) ... preferences.md # 用户偏好 ... patterns.md # 行为模式 ... feedback/ ... implicit.md # 隐式反馈
Use this only if you are comfortable with persistent local memory; inspect and clear the memory directory periodically, and avoid storing secrets or sensitive personal details.
If implemented broadly, task context could be reused or shared across agents in ways the user did not expect.
The skill describes selecting agents, adjusting agent load, autoscaling, and caching shared context, but does not define detailed identity, permission, or data-sharing boundaries.
Agent调度优化 / Agent Scheduling Optimization ... 智能任务分配 / Intelligent task allocation ... 自动扩缩容 / Auto scaling ... 缓存常用上下文减少重复
Require explicit user approval before delegating tasks to other agents or caching context across agents, especially when the task contains private data.
The documented commands may not work as provided, and users might be tempted to obtain an unreviewed script from another source.
The README references a script-based implementation, while the supplied artifact set contains no code files or install spec. This is a provenance/completeness gap rather than evidence of malicious behavior.
python super_self_improving.py stats
Do not run external or separately downloaded implementations unless their source and dependencies are reviewed and trusted.