self-improving-agent
v3.0.13Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⭐ 3k· 355k·5.5k current·5.8k all-time
by@pskoett
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (capture learnings/errors/promotions) match the included files and scripts: activator outputs reminders, error-detector checks tool output for failures, extract-skill.sh scaffolds new skills, and hook handlers inject a bootstrap reminder. There are no unrelated credentials, network endpoints, or surprising binaries required.
Instruction Scope
Runtime instructions and scripts operate on local workspace files (.learnings/ and OpenClaw workspace) and inject virtual reminder files. The error detector reads the CLAUDE_TOOL_OUTPUT environment variable (an agent-provided value) to detect failures — this is expected for the PostToolUse hook, but it means command output may be examined by the hook. SKILL.md explicitly warns not to record secrets and to prefer redacted summaries, which is appropriate. Review the behavior if you plan to log verbatim tool output or transcripts.
Install Mechanism
There is no built-in install spec; installation is manual or via ClawdHub as documented. SKILL.md suggests cloning from a GitHub repo (author's repo), which is normal, but the registry metadata lists 'Source: unknown' and no homepage — consider verifying the upstream repository and commit before copying or running scripts. No downloads or archive extraction from untrusted URLs are performed by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The scripts expect runtime-provided context (CLAUDE_TOOL_OUTPUT) for error detection; that is appropriate for a hook that analyzes tool output. The package does not request unrelated secrets or cloud credentials.
Persistence & Privilege
always:false (default). Hooks and files are opt-in: enabling the OpenClaw hook or copying files modifies your local OpenClaw hooks/skills directories but the skill itself does not demand permanent inclusion or elevated privileges. The extract script can create files under the current workspace (expected for a scaffolding tool) and includes some path-safety checks.
Assessment
This skill appears to do what it claims: inject lightweight reminders, detect command errors from agent-provided output, and scaffold local learning files. Before installing or enabling hooks: 1) verify the upstream repository/commit referenced in SKILL.md (the registry lists 'Source: unknown'), 2) review the scripts (activator.sh, error-detector.sh, extract-skill.sh) so you understand what files will be created and when, 3) don't enable the PostToolUse hook globally if you are concerned about hooking command output in untrusted environments (use UserPromptSubmit only or add matcher filters), and 4) follow the skill's own guidance — avoid logging secrets or full transcripts. If you need lower risk, copy the SKILL.md documentation without enabling hooks, or enable hooks only in isolated/trusted workspaces.Like a lobster shell, security has layers — review code before you run it.
latestvk975zkn3h1qaa7dynqxq27sazx8448fj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.