Self-Improving Agent (ORBIT)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is transparent about being a self-improvement memory system, but it can write persistent instructions and share context across sessions, which deserves review before use.
Install only if you are comfortable with an agent maintaining persistent learning files and possibly using them in future sessions. Review entries before promotion, avoid storing secrets or private transcripts, keep cross-session sharing explicit and minimal, and verify the exact package/source because the documented install slug differs from the evaluated registry slug.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wrong or sensitive learning could be reused as guidance in later sessions, changing the agent's behavior or exposing details from past work.
The skill stores learnings and promotes them into files that become future agent context. The artifacts do not clearly require user approval, secret redaction, retention limits, or a rule that logged content is treated only as untrusted notes.
OpenClaw injects these files into every session ... MEMORY.md ... .learnings/ ... Broadly applicable learning | Promote to CLAUDE.md, AGENTS.md, and/or .github/copilot-instructions.md
Only promote entries after explicit review; redact secrets and private data; keep project-specific learnings scoped; periodically inspect and clean .learnings and workspace prompt files.
Information from one session could be read, forwarded, or acted on by another session or background agent beyond the user's immediate task.
The documentation encourages cross-session transcript access, messaging, and spawning background sub-agents, but does not specify identity checks, permission boundaries, data minimization, or when user approval is required.
sessions_history(sessionKey="session-id", limit=50) ... sessions_send(sessionKey="session-id", message="Learning: API requires X-Custom-Header") ... sessions_spawn(task="Research X and report back", label="research")
Use cross-session tools only with explicit user consent, send minimal sanitized context, verify the target session, and avoid spawning sub-agents with sensitive information.
Following the documentation could lead a user to install or compare a differently named package than the one being reviewed.
The evaluated registry slug is self-improving-agent-orbit, while the documentation and _meta.json refer to self-improving-agent. This does not show malicious behavior, but it creates provenance and installation-target ambiguity.
clawdhub install self-improving-agent
Verify the package slug, owner, and source repository before installing, and prefer installing the exact reviewed artifact.
If enabled, every new session may receive additional self-improvement instructions until the hook is disabled.
The optional hook persistently injects a reminder at agent bootstrap. It is disclosed and purpose-aligned, but it changes session context whenever enabled.
events":["agent:bootstrap"] ... Injects a reminder to evaluate learnings during agent bootstrap.
Enable the hook only if you want persistent reminders, and disable it if it becomes intrusive or affects workflows unexpectedly.