ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self Improving Agent 1.0.0

v1.0.0

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

1· 1.7k·8 current·8 all-time
by@dc-acronym
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior in SKILL.md: creating and appending learning/error/feature-request entries to .learnings/* and promoting broad learnings to project files (CLAUDE.md, AGENTS.md). No unexpected binaries, env vars, or network endpoints are requested.
Instruction Scope
Instructions stay within the stated purpose (logging and promoting learnings). They explicitly instruct the agent to create/write .learnings/, append formatted Markdown, search the .learnings/ directory, and update project files. This is expected for a logging skill, but the guidance is broad (e.g., 'Environment details if relevant' and 'Promote to project memory') and grants the agent permission to modify repository files — consider whether you want autonomous edits vs. user-approved changes.
Install Mechanism
No install spec and no code files — lowest risk. The skill is instruction-only and will not download or write executables to disk beyond the Markdown files it instructs the agent to create.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. However, the logging templates encourage capturing 'Environment details' and 'Context' for errors; without explicit redaction guidance the agent could inadvertently log sensitive config, secrets, or credentials from the environment. This is a privacy/safety concern to mitigate operationally.
Persistence & Privilege
always:false and default invocation settings are appropriate. The skill will persist data by writing project files (.learnings/*, CLAUDE.md, AGENTS.md) — this is expected for its purpose but does mean the agent will modify repository contents, so consider commit/review controls.
Assessment
This skill is coherent and appears to do what it says: log learnings/errors to .learnings/*. Before installing, consider these operational safeguards: (1) Decide whether the agent should write directly to the repo or only prepare entries for human review — require manual approval before committing/promoting entries. (2) Add .learnings/* to .gitignore or otherwise ensure sensitive logs aren't accidentally committed to VCS. (3) Add an explicit redaction step to the skill (or your agent workflow) so environment details, stack traces, or pasted inputs are scrubbed for secrets (API keys, passwords, tokens, PII) before being saved. (4) Limit who or what can invoke this skill if you don't want autonomous edits. (5) If you prefer centralized, auditable storage for learnings, adapt the workflow to send sanitized entries to a secure logging store rather than raw files. These mitigations will preserve the skill's usefulness while reducing accidental leakage or unwanted repo modification.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f1q5nk0as2vnagrs0xfgpgx7zc98t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments