v1.0.0

ksdsl-skilll

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:34 AM.

Analysis

The skill is transparent about self-improvement, but it asks the agent to persist and promote learnings into future-session instruction/memory files and share information across sessions without clear approval or boundary safeguards.

Guidance: Install only if you are comfortable with a skill that writes persistent learning and instruction files. Before use, require confirmation before promoting learnings to memory or agent-instruction files, avoid storing sensitive details, and review any external repository or hook before enabling it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Coding agents can later process these into fixes, and important learnings get promoted to project memory ... CLAUDE.md ... AGENTS.md ... .github/copilot-instructions.md

The workflow can propagate a logged learning into multiple agent instruction files and later coding-agent fixes, so one bad entry can affect multiple tools or future tasks.

User impact: An incorrect learning could spread into project conventions, automation instructions, Copilot context, or later code changes.
Recommendation: Treat promoted learnings and agent-generated fixes as reviewable changes, preferably through a diff or pull request, and keep entries scoped to the project where they were learned.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
git clone https://github.com/peterskoett/self-improving-agent.git ~/.openclaw/skills/self-improving-agent ... cp -r hooks/openclaw ~/.openclaw/hooks/self-improvement

Although the reviewed artifact is instruction-only, it points users to an external repository and optional hook files that are not included in the provided manifest.

User impact: Installing or enabling the referenced external hook could introduce behavior not visible in this reviewed artifact.
Recommendation: Review the external repository and hook contents before installing or enabling them, and prefer a pinned, trusted release.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
SKILL.md
OpenClaw injects these files into every session ... When learnings prove broadly applicable, promote them to workspace files

The skill instructs the agent to persist learnings into files that become future prompt or memory context, but does not state clear validation or approval rules before promotion.

User impact: A mistaken, sensitive, or attacker-influenced correction could be remembered and reused in later sessions, causing the agent to follow bad guidance or retain information the user did not intend to preserve.
Recommendation: Require explicit user approval before promoting learnings into persistent instruction or memory files, label the source and trust level of each entry, sanitize sensitive data, and keep a rollback path.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
sessions_history — Read another session's transcript ... sessions_send — Send a learning to another session ... sessions_spawn — Spawn a sub-agent for background work

The skill describes reading transcripts from other sessions, sending learnings between sessions, and spawning sub-agents without defining identity checks, user consent, or data-minimization boundaries.

User impact: Private information from one session could be copied into another session or given to a sub-agent in a way the user did not expect.
Recommendation: Use cross-session transcript access and session messaging only after explicit user confirmation, share only minimal sanitized summaries, and avoid spawning background agents unless the user requests it.