Skill v0.1.0
ClawScan security
Self Improvement · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 6:00 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, hooks, and scripts are consistent with its stated purpose (capturing learnings and reminding agents to log errors); it requests no credentials and its install/runtime actions are proportional to that goal.
- Guidance: This skill appears coherent and low-risk for its stated purpose. Before enabling it: 1) review and, if needed, run the shell scripts in a safe/test workspace (they only print reminders or scan local tool output for error patterns); 2) enable hooks only at the project level (not globally) unless you trust the behavior site-wide; 3) note that promoting learnings or using sessions_history/sessions_send uses OpenClaw session features that can access other session transcripts—only use those when appropriate; 4) if you plan to use extract-skill.sh, keep it in a project workspace (it refuses absolute and .. paths but will create files under the given relative path); and 5) set executable permissions intentionally (chmod +x) and inspect scripts before running. Overall this skill is internally consistent with its description.
Review Dimensions
- Purpose & Capability (ok): Name/description (self-improvement / capture learnings) align with the provided files: README-style SKILL.md, templates, logging files, hook handlers, and small helper scripts. Required env/config/credentials are none, which matches the non-privileged nature of the task.
- Instruction Scope (note): SKILL.md instructs agents to create and update local .learnings files, promote entries to workspace docs, and optionally use OpenClaw session utilities (sessions_list, sessions_history, sessions_send, sessions_spawn). Those inter-session utilities are platform features — their mention is in-scope for a cross-session learning workflow but you should be aware they read or send session transcripts when used. The scripts/hooks themselves only inject text or inspect tool output (CLAUDE_TOOL_OUTPUT) and do not attempt network exfiltration.
- Install Mechanism (ok): No install spec is present (instruction-only), which is low risk. The repository contains optional hook files and three small shell scripts plus hook handlers; manual copy instructions target user-owned paths (~/.openclaw, project dirs). The extract-skill.sh helper writes new skill scaffolds but includes checks (rejects absolute paths and '..') and requires explicit invocation.
- Credentials (ok): The skill declares no environment variables, no credentials, and no config paths. The scripts read CLAUDE_TOOL_OUTPUT (documented) for error detection — that is proportional to the stated purpose of detecting command errors. There are no unexpected SECRET/TOKEN environment requirements.
- Persistence & Privilege (ok): always is false and the skill does not request permanent/system-wide privileges. Hooks are opt-in and must be explicitly enabled. The provided activator and error-detector scripts run with the same user permissions as the agent — normal for hooks — and the extract script writes only to a relative ./skills directory (with checks).
