Skill v1.0.0

ClawScan security

Self Improving Agent 1.0.5 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 19, 2026, 11:31 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and runtime instructions are coherent with its stated purpose (logging learnings and injecting reminders) and do not request unrelated credentials or perform unexpected network installs; review and opt-in configuration are required before it runs.
Guidance
This skill appears to do what it says: inject lightweight reminders and help you log learnings. Before installing:
(1) Inspect the hook files and scripts (activator.sh, error-detector.sh, extract-skill.sh) yourself and verify you’re comfortable with them;
(2) Only enable hooks (openclaw hooks enable or adding to ~/.claude/settings.json) if you trust the skill — hook scripts run with the same permissions as the agent and will run on configured events;
(3) Note the error detector optionally reads CLAUDE_TOOL_OUTPUT to detect failures (it does not exfiltrate data);
(4) extract-skill.sh will create files under the SKILLS_DIR (default ./skills or the env var you set), so run with --dry-run first if unsure;
(5) Prefer the minimal setup (activator only) if you want reminders without running PostToolUse hooks.
If you want higher assurance, verify the repository/source and test the scripts in a sandboxed environment before adding them to your global user-level settings.

Review Dimensions

Purpose & Capability
ok: Name/description (capture learnings, errors, corrections) align with the delivered files: hook handlers inject a bootstrap reminder, activator and error-detector shell scripts emit lightweight reminders, and an extraction helper scaffolds new skills. Files and scripts are proportionate to the stated purpose.
Instruction Scope
note: SKILL.md instructs creating workspace .learnings, copying/enabling OpenClaw hooks, and optionally configuring scripts to run on prompt/tool events. The scripts only output reminders or create local skill scaffolds; the error-detector reads CLAUDE_TOOL_OUTPUT to detect failures. These behaviors match the stated purpose, but enabling PostToolUse/hooks will cause the provided scripts to run automatically on events if you opt in.
Install Mechanism
ok: No automated install spec is present (instruction-only + optional manual copy). The scripts and handlers are local files; there are no downloads from remote URLs or package installs. Risk is limited to what you opt to copy/enable locally.
Credentials
note: The skill declares no required env vars or credentials. At runtime the error-detector script reads CLAUDE_TOOL_OUTPUT (if present) to detect errors and activator/extractor respect SKILLS_DIR/SKILLS_DIR env overrides — these are reasonable for the stated function but are not declared in requires.env. No broad secret access or unrelated credentials are requested.
Persistence & Privilege
ok: always:false and user-invocable:true (default) — the skill does not force itself into every session. Hook installation and enabling are explicit steps the user must perform. The skill does not modify other skills' configs or request elevated system privileges.