Skillv2.0.0

ClawScan security

Self Improving Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 14, 2026, 11:17 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The package contains local logging and skill-generation scripts that match the stated goal, but the SKILL.md and skill.json claim proactive/automatic behaviors (heartbeat, auto-generalization, on_task_complete hooks) that the included code does not implement or that are inconsistent with how the CLI tools operate.
Guidance: This package appears to implement local logging and a simple skill-generation CLI that stores data under ~/.openclaw — that part is coherent and low-risk. The red flag is a mismatch: the README and SKILL.md describe autonomous, always-on behaviors (heartbeat, auto-generalization, proactive detection) but the included Python scripts are manual/CLI tools and contain no background or pattern-detection logic. Before installing or enabling this skill: - Understand that the code only runs when invoked; it does not include a daemon or network calls. If you want automatic behavior, this package does not implement it. - Confirm how your OpenClaw host will invoke hooks from skill.json. If the platform automatically calls on_task_complete or other hooks, check what arguments it will pass — generate_skill.py expects specific CLI args and may fail or create entries if invoked differently. - Review and periodically inspect ~/.openclaw/memory/self-improving and ~/.openclaw/skills-generated for generated SKILL.md files; manually review any generated Skill before trusting it. - Backup any existing ~/.openclaw data before first run. Given the mismatch between claimed autonomous features and the actual implementation, treat this as potentially sloppy or over-promising rather than overtly malicious; proceed with caution and prefer manual invocation until you confirm platform hook behavior.

Review Dimensions

Purpose & Capability: noteName/description align with the provided code: the scripts log errors/corrections/best-practices, check remembered items, and can generate simple SKILL.md files and a local registry. Nothing in the code requests unrelated credentials or system access. However, the manifest and documentation claim more advanced, always-on capabilities (automatic pattern detection, heartbeat scans, proactive auto-generalization) that are not implemented by the included scripts.
Instruction Scope: concernSKILL.md describes proactive, autonomous behavior (heartbeat scans, detecting repeated patterns, auto-generalize after 3 repeats, proactive proposals), but the runtime artifacts are simple CLI tools that only operate when invoked and have no background process, pattern-detection logic, or model integration. skill.json declares hooks (on_task_complete, on_error, etc.) pointing to the scripts, but those scripts expect CLI arguments and do not implement a robust event-driven API. This mismatch could cause unexpected behavior if the platform invokes hooks with different inputs, or it could be over-promising functionality to users.
Install Mechanism: okNo install spec or network downloads; this is effectively instruction-only with small local Python scripts. No external packages or downloads are pulled in. Files write to user home under ~/.openclaw by default which is expected for a local memory/skill generator.
Credentials: okThe code optionally reads OPENCLAW_HOME to locate storage but otherwise requires no credentials, no environment secrets, and no special system paths. All storage is under a user-writable path (~/.openclaw or similar). This is proportional to the stated purpose.
Persistence & Privilege: noteThe skill writes persistent data under ~/.openclaw (memory files, skills-generated and a local registry). always is false and the code does not modify other skills or global system settings. However, skill.json declares hooks that a host platform might invoke; depending on how the platform supplies arguments, that could lead to automatic skill generation or error messages. Generated skills are auto_trigger:true by default in generated registry entries, so generated SKILL.md can be later recommended by the agent — review required.