testaaa
v1.0.0Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⭐ 1· 58·0 current·0 all-time
by@chaotec
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's documented purpose is to capture learnings/errors and optionally install hook files for OpenClaw—this matches the included scripts and hook handlers. Minor metadata mismatch: the registry name/slug shown to you ('testaaa') differs from the SKILL.md name ('self-improvement') and _meta.json slug/owner fields, which is confusing but not a functional security problem.
Instruction Scope
Runtime instructions and hooks stay within the stated scope: create or update .learnings/* files, inject lightweight reminder content, and detect error patterns in tool output. The error-detector script reads the CLAUDE_TOOL_OUTPUT environment variable (not declared in requires.env) to detect failures — this is expected for a tool-use hook and the SKILL.md explicitly warns against logging secrets or raw outputs.
Install Mechanism
There is no automated install spec (no downloading/extracting remote archives). Scripts and hook handlers are included in the package; the README instructs the user to manually copy/enable them in their OpenClaw hooks directory. No remote code fetches or opaque installers were found.
Credentials
The skill requires no credentials or special environment variables. It does read CLAUDE_TOOL_OUTPUT (an agent-provided variable) and uses filesystem paths like ~/.openclaw and project-relative directories when installing hooks or writing learnings. This access is proportional to the stated behavior but you should be aware that command outputs can contain sensitive data and the SKILL.md explicitly warns not to log secrets.
Persistence & Privilege
The skill is not marked always:true and does not request persistent elevated privileges. Hook installation is opt-in (manual copy + enable). The extract-skill.sh script writes new skill scaffolds under the current workspace and includes checks to avoid absolute paths and '..' segments, which is a reasonable safety measure.
Assessment
This skill appears to do what it says: inject lightweight reminders, detect command failures, and write learning entries to .learnings/*. It does not request secrets or perform network installs. Before enabling hooks, consider: (1) enable only the activator (UserPromptSubmit) if you want minimal noise; enabling PostToolUse will examine command output (CLAUDE_TOOL_OUTPUT) which can include sensitive data — ensure you trust the environment and follow the SKILL.md guidance to redact secrets; (2) verify the hook copy paths and file permissions before enabling; (3) be aware of the minor metadata mismatch (registry name vs internal name) — confirm you installed the intended skill/version. If you want additional assurance, review the scripts (activator.sh, error-detector.sh, extract-skill.sh) yourself and test them in a safe sandbox before enabling globally.Like a lobster shell, security has layers — review code before you run it.
latestvk974t90y6y70dkhvf2nd6kqjxd843z5e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.