Skill v1.0.10

ClawScan security

Self Improving Agent Local · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 2:50 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, scripts, and instructions are consistent with its stated purpose (capture and log learnings/errors locally); it requests only one purpose-related env var and is opt‑in, but review the scripts and be cautious about logging sensitive file contents before enabling hooks globally.
Guidance
This skill appears coherent and low-risk for its stated local self-improvement purpose, but take these precautions before installing or enabling hooks:

- Review the scripts (activator.sh, error-detector.sh, extract-skill.sh and the hook handlers) yourself. They run with your user permissions and can write files in the workspace.
- Be careful what you log: the error template suggests appending full source and file contents to .learnings/ERRORS.md. Do NOT include secrets, private keys, or credentials in learning entries or when promoting entries to shared workspace files.
- Prefer project-scoped activation (project-level settings) rather than user/global hooks until you verify behavior. Use matcher filters to limit when hooks run.
- If you pull the repository, verify the GitHub source and its commit history if you need higher assurance.
- Test in an isolated workspace first: create a temporary project, enable the minimal activator-only setup, and observe outputs before enabling PostToolUse hooks or running extract-skill.sh.

If you want, I can extract the exact lines in the scripts that create or write files and highlight anything that writes outside the current workspace or that could send data externally.

Review Dimensions

Purpose & Capability
ok · Name/description match the artifacts: hooks inject reminders at bootstrap, activator and error-detector scripts prompt logging, and extract-skill.sh scaffolds new skills. The only declared env var (CLAUDE_TOOL_OUTPUT) is used by the error-detector script as expected. No unrelated credentials, binaries, or install actions are requested.
Instruction Scope
note · Runtime instructions stay within the stated goal (create .learnings/, append entries, optionally promote learnings, install an OpenClaw hook). One important caveat: the Error Entry template explicitly encourages including 'Full source of all included files' in ERROR.md and the SKILL.md describes promoting entries to shared workspace files; that is coherent for debugging but can capture and persist sensitive code/config or secrets if present. Users should avoid logging secrets and review what the agent will capture before promoting learnings to shared workspace files.
Install Mechanism
ok · No automatic install spec; instruction-only with local scripts and optional manual git clone from GitHub. Scripts are included in the package (activator.sh, error-detector.sh, extract-skill.sh) and create or modify files under the local workspace. No remote downloads or archive extraction at install time.
Credentials
ok · Only CLAUDE_TOOL_OUTPUT is declared and referenced. The scripts read that variable to detect errors; no other credentials or sensitive environment variables are requested. There are no unexplained secret or cloud credentials requested by the skill.
Persistence & Privilege
note · The skill is opt-in (always:false) and requires explicit hook enablement. Hooks and scripts run with the same user permissions as the agent; activator outputs text reminders only, but extract-skill.sh can write new skill files to the local workspace if you run it. This behavior is consistent with the purpose, but enabling hooks or installing at user/global scope will cause code to run automatically on events — review and test scripts before enabling globally.