Back to skill
Skillv1.0.0
VirusTotal security
Self Improving Agent 1.0.5 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:12 AM
- Hash
- e187e31e1df4284f890db4052c4b03638d1713d0bc361e906dc1e26889cee5a2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: self-improving-agent-1-0-5 Version: 1.0.0 The skill bundle is designed for agent self-improvement, involving logging learnings and errors to markdown files and promoting them to workspace memory files. While the core functionality is benign, the `scripts/extract-skill.sh` script allows the output directory (`SKILLS_DIR`) to be overridden, which, combined with the agent's ability to execute arbitrary commands based on prompt instructions, presents a significant vulnerability for arbitrary file creation (e.g., in sensitive system directories). Additionally, the `SKILL.md` instructs the agent to modify files like `AGENTS.md`, `SOUL.md`, `TOOLS.md`, and `.github/copilot-instructions.md` within the agent's workspace, which could be leveraged for prompt injection attacks against other agents or systems if malicious content were injected into these files.
- External report
- View on VirusTotal