Self Improving Agent 1.0.5
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is mostly a disclosed self-improvement logger, but it can persist learned instructions and error details into future agent context without clear approval, redaction, or review safeguards.
Install only if you want an agent to keep persistent learning notes. Before enabling hooks or promotion workflows, decide where learnings may be stored, require approval before writing to AGENTS.md, SOUL.md, MEMORY.md, CLAUDE.md, or Copilot instructions, and redact secrets or private command output from logs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or maliciously influenced learning could be reused as future instructions and change the agent’s behavior across sessions.
The skill explicitly relies on persistent workspace files becoming future prompt context. Captured learnings or incorrect/untrusted instructions can therefore influence later sessions.
OpenClaw injects these files into every session: ... AGENTS.md ... SOUL.md ... TOOLS.md ... MEMORY.md ... .learnings/
Require explicit user review before promoting learnings into injected prompt files, mark sources, and keep a rollback path for removing bad entries.
Sensitive details from failed commands or user corrections may be written into long-lived markdown files and later reintroduced into agent context.
The logging format asks the agent to persist detailed command and environment context, which can include secrets, tokens, internal paths, or private user data; no redaction or retention guidance is provided.
Actual error message or output ... Input or parameters used ... Environment details if relevant
Add clear rules to redact secrets and personal data, avoid storing full command output by default, and let the user confirm sensitive entries.
Learnings or transcript content may move between sessions, so private context from one task could influence another.
The skill documents cross-session transcript reading, message sending, and sub-agent spawning as part of sharing learnings. This is purpose-aligned, but the artifacts do not define data boundaries or consent expectations.
sessions_history — Read another session's transcript ... sessions_send — Send a learning to another session ... sessions_spawn — Spawn a sub-agent for background work
Use these tools only when needed, avoid sending private transcript details, and ask before sharing sensitive session content.
Enabling the hooks adds recurring local script execution during agent use, even though the reviewed scripts appear limited to reminder output.
The optional setup runs local shell scripts on prompt submission and after Bash tool use. The provided scripts only emit reminders, and setup is opt-in, but users should understand that hooks execute repeatedly.
"UserPromptSubmit" ... "command": "./skills/self-improvement/scripts/activator.sh" ... "PostToolUse" ... "command": "./skills/self-improvement/scripts/error-detector.sh"
Enable hooks only if you want this behavior, review the scripts before enabling, and keep hook paths scoped to the intended project or workspace.