Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Chen Self Improvement
v1.0.0
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description match the delivered artifacts: README, hook handlers, activator and error-detector scripts, and a skill-extraction helper all support logging learnings and injecting reminders. The files present (hooks, scripts, docs) are proportionate to a self-improvement / logging skill.
Instruction Scope
SKILL.md explicitly encourages appending "Full source of all included files" into error entries and promoting learnings into shared workspace files. That instruction can cause broad data collection (including secrets, private files, or code containing credentials) and propagation to cross-session or repo-level files. It also provides steps to enable hooks that run scripts automatically on prompts and tool use — increasing the surface for accidental data capture or unintended execution.
Install Mechanism
There is no opaque network installer or archive. The docs recommend git cloning from GitHub (an expected install method). The included scripts and handlers run locally and the extract helper enforces safe relative paths. No remote downloads or executables fetched from arbitrary hosts were found.
Credentials
The skill does not request secrets or declare required env vars, which is appropriate. However, one script (error-detector.sh) reads CLAUDE_TOOL_OUTPUT — an agent-provided environment variable not listed in requires.env (a non-sensitive platform variable). The skill asks to write and promote files under ~/.openclaw/workspace and to modify the agent hook configuration; these are expected, but they grant write access to user/workspace files and should be enabled deliberately.
Persistence & Privilege
always:false (normal). The skill instructs enabling OpenClaw/agent hooks and adding user-level settings so scripts run automatically. While not privileged by default, enabling hooks gives the skill opportunity to execute scripts on lifecycle events with the same permissions as the agent — review and opt in at appropriate scope (project vs user).
Scan Findings in Context
[none_detected] expected: No regex/static-scan findings were reported. The code uses expected operations (pushing virtual bootstrap files, reading CLAUDE_TOOL_OUTPUT, creating files locally).
What to consider before installing
This skill looks like what it says — a set of reminders, helper scripts, and a hook to capture learnings — but take these precautions before installing or enabling hooks:
- Review the scripts and hook handler yourself (activator.sh, error-detector.sh, extract-skill.sh, handler.{js,ts}). They will run with the agent's permissions when hooks are enabled.
- Do NOT blindly follow the guidance to "append full source of all included files" into .learnings/; that can leak secrets, keys, or private data. Instead redact secrets and only log minimal context needed to reproduce/resolve the issue.
- Prefer project-level hook config rather than global/user-level hooks. That limits accidental global execution.
- If you enable PostToolUse hooks (error detector), test them on a copy/isolated project first. Use file permissions and run the activator/error-detector in dry-run mode if possible.
- When using extract-skill.sh, start with --dry-run to see what would be created. The script has some safety checks, but confirm output paths before writing to shared directories.
- If you plan to promote learnings to shared workspace files (SOUL.md, AGENTS.md, TOOLS.md), review entries for sensitive content before promoting or sharing them across sessions or in a repository.
If you want, I can highlight the exact lines in the scripts/README that warrant manual review or produce a short checklist of what to redact before logging learnings.
Like a lobster shell, security has layers — review code before you run it.
