自我成

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You could accidentally install or update a different source than the registry entry you intended to review.

Why it was flagged

The install instructions reference a different package identity than the registry slug shown for this review, and the manual path is an unpinned external GitHub clone. This is user-directed, but it is a provenance gap.

Skill content

clawdhub install self-improving-agent ... git clone https://github.com/peterskoett/self-improving-agent.git ~/.openclaw/skills/self-improving-agent

Recommendation

Verify the package slug, publisher, and repository before installing, especially before enabling hooks.

What this means

Secrets, private context, or mistaken conclusions could be stored and reused in later sessions, influencing future agent behavior.

Why it was flagged

The skill persists conversation-derived learnings and errors, then promotes some of them into future project memory. The artifacts do not define redaction, retention, approval, or trust boundaries for sensitive or incorrect content.

Skill content

Log learnings and errors to markdown files for continuous improvement... important learnings get promoted to project memory.

Recommendation

Require explicit user approval before saving or promoting entries, redact secrets and personal data, and review memory files before they are loaded into future sessions.

What this means

If used carelessly, information from one session could be exposed to or influence another session.

Why it was flagged

The documentation describes cross-session transcript reading and message sending as part of sharing learnings. This is purpose-aligned documentation, but transcript sharing can cross privacy boundaries.

Skill content

sessions_history

Read transcript from another session:

Recommendation

Only read or send session history with user awareness, and avoid sharing sensitive conversation details across sessions.

What this means

A bad learning could become persistent guidance that future agents follow repeatedly.

Why it was flagged

Promoting a learning into shared agent instruction files can propagate an incorrect, poisoned, or sensitive entry across future sessions and possibly other tools or teammates if committed.

Skill content

Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md`

Recommendation

Treat promotions as reviewed changes: ask the user, keep sources attached, and require normal code review before committing shared instruction files.

What this means

If enabled, the agent will receive self-improvement reminders in future sessions.

Why it was flagged

The optional OpenClaw hook injects a reminder into bootstrap context. The behavior is disclosed and limited to reminder text, but it is persistent once enabled.

Skill content

event.context.bootstrapFiles.push({ path: 'SELF_IMPROVEMENT_REMINDER.md', content: REMINDER_CONTENT, virtual: true })

Recommendation

Enable the hook only if you want recurring reminders, and disable or remove it if the extra prompt context becomes intrusive.