Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self Improving Agent Local
v1.0.10Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⭐ 0· 636·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the artifacts: hooks inject reminders at bootstrap, activator and error-detector scripts prompt logging, and extract-skill.sh scaffolds new skills. The only declared env var (CLAUDE_TOOL_OUTPUT) is used by the error-detector script as expected. No unrelated credentials, binaries, or install actions are requested.
Instruction Scope
Runtime instructions stay within the stated goal (create .learnings/, append entries, optionally promote learnings, install an OpenClaw hook). One important caveat: the Error Entry template explicitly encourages including 'Full source of all included files' in ERROR.md and the SKILL.md describes promoting entries to shared workspace files; that is coherent for debugging but can capture and persist sensitive code/config or secrets if present. Users should avoid logging secrets and review what the agent will capture before promoting learnings to shared workspace files.
Install Mechanism
No automatic install spec; instruction-only with local scripts and optional manual git clone from GitHub. Scripts are included in the package (activator.sh, error-detector.sh, extract-skill.sh) and create or modify files under the local workspace. No remote downloads or archive extraction at install time.
Credentials
Only CLAUDE_TOOL_OUTPUT is declared and referenced. The scripts read that variable to detect errors; no other credentials or sensitive environment variables are requested. There are no unexplained secret or cloud credentials requested by the skill.
Persistence & Privilege
The skill is opt-in (always:false) and requires explicit hook enablement. Hooks and scripts run with the same user permissions as the agent; activator outputs text reminders only, but extract-skill.sh can write new skill files to the local workspace if you run it. This behavior is consistent with the purpose, but enabling hooks or installing at user/global scope will cause code to run automatically on events — review and test scripts before enabling globally.
Assessment
This skill appears coherent and low-risk for its stated local self-improvement purpose, but take these precautions before installing or enabling hooks:
- Review the scripts (activator.sh, error-detector.sh, extract-skill.sh and the hook handlers) yourself. They run with your user permissions and can write files in the workspace.
- Be careful what you log: the error template suggests appending full source and file contents to .learnings/ERRORS.md. Do NOT include secrets, private keys, or credentials in learning entries or when promoting entries to shared workspace files.
- Prefer project-scoped activation (project-level settings) rather than user/global hooks until you verify behavior. Use matcher filters to limit when hooks run.
- If you pull the repository, verify the GitHub source and its commit history if you need higher assurance.
- Test in an isolated workspace first: create a temporary project, enable the minimal activator-only setup, and observe outputs before enabling PostToolUse hooks or running extract-skill.sh.
If you want, I can extract the exact lines in the scripts that create or write files and highlight anything that writes outside the current workspace or that could send data externally.Like a lobster shell, security has layers — review code before you run it.
latestvk97fawc4whtxrjezvrehkqmtgs81naxs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvCLAUDE_TOOL_OUTPUT