Self Improving Agent 1.0.0
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: self-improving-agent-1-0-0 Version: 1.0.0 The skill is designed for agent self-improvement by logging learnings and errors. While its stated purpose is benign, it instructs the agent to modify core project memory files like `CLAUDE.md` and `AGENTS.md` (as described in SKILL.md under 'Promoting to Project Memory'). This capability, although intended for adding 'rules' and 'facts', allows the agent to alter its own future instructions and knowledge base. This presents a significant risk for persistent prompt injection or self-modification if the agent were to process a malicious 'learning' or be compromised, classifying it as suspicious due to a risky capability without explicit malicious intent within the provided instructions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive information could be saved into project files and later read by agents or accidentally committed/shared.
The skill directs the agent to persist raw error output, inputs, parameters, and environment details. These can contain secrets, private paths, customer data, or sensitive operational details, and the artifact does not include redaction or approval guidance.
Actual error message or output ... Command/operation attempted ... Input or parameters used ... Environment details if relevant
Require review and redaction before writing learning entries, avoid storing secrets or personal data, and consider adding `.learnings/` to `.gitignore` unless the user intentionally wants to share it.
Incorrect or poisoned learnings could become standing instructions for future agent sessions and cause repeated mistakes or unsafe automation.
The skill tells the agent to write distilled learnings into persistent project memory files that can influence future agent behavior, but it does not require explicit user confirmation or validation before modifying those files.
When a learning is broadly applicable ... promote it to permanent project memory ... CLAUDE.md ... AGENTS.md ... Add to appropriate section in target file
Only modify CLAUDE.md or AGENTS.md after showing the user a diff and receiving explicit approval; keep entries factual, scoped, and reversible.