Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self-Improve

v2.2.1

A pluggable self-improvement framework for AI agents. Automatically learns from mistakes, corrections, and feedback to continuously improve execution quality...

by Don Li (@don068589)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description match the included scripts: they scan feedback, distill rules, maintain HOT/WARM/COLD memories, propose changes, and can create/maintain knowledge files. That capability set is coherent with a self-improvement framework. However, the skill is explicitly designed to operate at a system/shared scope (engine text: scanning '/path/to/self-improve' and 'read each agent's session logs (if accessible)') and to write system files (AGENTS.md, openclaw.json, SKILL.md) when proposals are 'solidified'. Those system-level operations are more powerful than a purely local/self-contained improvement tool and warrant caution.
Instruction Scope
SKILL.md and ENGINE.md instruct the agent to run setup, register a cron entry, scan memory logs, and propose or write to system files. The scripts will read and write many files under the configured SELF_IMPROVE_ROOT (feedback, corrections, hot/warm/cold memory, proposals). The framework also states it can create new directories/files without asking and that only 'solidification' requires confirmation — but many non-system outputs are written automatically. If the configured storage paths point to shared/global agent directories (e.g., .openclaw, /path/to/learned, or root of agent system), the skill will read other agents' logs and write to system files, which goes beyond a narrowly scoped tool.
Install Mechanism
No install spec — instruction-only. That reduces supply-chain risk, but the package includes runnable Node.js scripts (setup.mjs, run scripts). Running these local scripts will execute code on disk (no external downloads), so risk shifts to runtime file operations rather than package download vectors.
Credentials
The skill requests no environment variables or external credentials (good). But it relies entirely on user-configured paths (user-config.yaml / storage.root / knowledge_root / workspace_root). Those path settings control what the skill reads/writes; if mis-set to global/system locations, the skill gains broad access. The number of required env/creds is proportionate, but the path configuration gives it broad potential reach.
Persistence & Privilege
always:false (normal), and the skill is user-invocable and can be autonomously invoked by the agent. More importantly, SKILL.md/ENGINE.md state the setup writes a Cron entry (and mentions writing a prompt to Cron configuration), and the framework can create directories/files and update indexes automatically. Combined, these grant the skill persistent, periodic execution and the ability to modify system/shared files — a significant privilege if storage paths are global.
What to consider before installing
This skill contains many local Node scripts that will read and write files under whatever storage root you configure — including the ability to create directories, add cron tasks, and propose changes that can be applied to system files (AGENTS.md, SKILL.md, openclaw.json, etc.). Before installing or running it:
1) Inspect setup.mjs and any code that modifies cron or writes to openclaw.json to understand exactly what will be changed.
2) Ensure user-config.yaml storage.root and knowledge_root point to an isolated directory you control (not the global .openclaw, agent home, or system config directories).
3) Run the skill in a sandbox or test environment first.
4) Confirm that the approval workflow actually prevents automatic writes to critical system files (review scripts that perform 'execution' after approval).
5) Limit filesystem permissions for the directory the skill uses so it cannot accidentally overwrite global agent configs.
If you cannot audit the setup & execution scripts yourself, avoid enabling cron/automatic runs or limit the skill to manual invocations only.

Like a lobster shell, security has layers — review code before you run it.

latestvk978zk39rk9gs9f9vvpf47b2v183wzhj
