ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Active Self-Improvement

v1.3.0

Active self-improvement loop that reads learnings, errors, batch outputs, and memory — detects patterns — and UPDATES skills/protocols/behavior automatically...

0· 264·0 current·0 all-time
byKairoKid@dodge1218
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description claim an automatic self-improvement loop; the SKILL.md implements exactly that (scan logs, propose edits, apply changes). No unrelated environment variables or binaries are requested, so capability and purpose are aligned.
!
Instruction Scope
The instructions direct the agent to read repository and agent-state files (.learnings/ERRORS.md, memory/permanent/*.md, workspace/*) and to write edits to other skill documents (e.g., add '## Learned' entries, update SOUL.md/AGENTS.md, memory files, OUTSTANDING.md, NEXT_TICKET.md). It also prescribes automatic application rules (apply low-risk immediately; medium notify later; high-risk wait) and fuzzy matching of errors to skill names. This grants broad discretion to modify other skills and persistent memory with limited human review.
Install Mechanism
Instruction-only skill with no install spec or code files. Lowest install risk — nothing is downloaded or executed beyond what the agent is instructed to do at runtime.
Credentials
No environment variables, credentials, or external config paths are requested. The skill only references repository and agent-local paths, which is proportional to an auto-improvement function.
!
Persistence & Privilege
Although always:false, the skill is intended to autonomously run on schedules or triggers and to modify other skills' files and memory. The instructions explicitly direct changing other skills' content (writing '## Learned' sections, updating memory) which is precisely the kind of cross-skill modification the policy flags as a privilege concern without explicit guardrails.
What to consider before installing
This skill does what it says — it will scan agent logs and memory and can automatically edit other skills and persistent memory. That's powerful but risky because mistakes or buggy heuristics could alter behavior across your agents. Before installing: 1) Require dry-run by default and review proposed changes; never auto-apply low/medium changes without human approval unless you trust the environment. 2) Restrict its write scope to a sandboxed directory or a git branch and enable automatic backups/versioning so edits can be reverted. 3) Add explicit approval gates for 'medium' and 'high' risk changes and keep an audit log of every change and its Pattern-Key. 4) Run it in a test agent with representative data first and validate proposals against a test suite. 5) Limit its scheduling/autonomy (avoid enabling unattended runs) until you are confident in its proposals. These mitigations will reduce the chance it silently alters other skills or agent memory in undesirable ways.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e07mka9w4g7mn8r1xwy91z184321w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments