Self Reflection

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is coherent and locally scoped, but users should note that it creates persistent reflection memory and that its README points to an external CLI not included in the reviewed package.

Before installing, verify the external GitHub CLI code because it was not included in the reviewed package. If you enable the heartbeat integration, remember that the agent will periodically check and may write reflections to the configured local memory file; do not store secrets there.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors reported this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The behavior of the actual CLI depends on external code that was not available in this review.

Why it was flagged

The README instructs users to install and symlink an executable from an external GitHub repository, but that executable is not included in the reviewed registry artifact.

Skill content
git clone https://github.com/hopyky/self-reflection.git ~/.openclaw/skills/self-reflection
ln -sf ~/.openclaw/skills/self-reflection/bin/self-reflection ~/bin/self-reflection
Recommendation

Inspect the external repository before installing, prefer a pinned commit or release, and confirm the bin/self-reflection script only performs the documented local memory/state operations.

ASI06: Memory and Context Poisoning
Low
What this means

If sensitive information or incorrect lessons are logged, they may persist and influence later work.

Why it was flagged

The skill intentionally creates persistent reflection memory that may be read back into future agent context.

Skill content
The agent tracks mistakes, lessons learned, and improvements over time through regular heartbeat-triggered reflections.
Recommendation

Avoid logging secrets or private user data, review the memory file periodically, and edit or delete inaccurate lessons.

ASI10: Rogue Agents
Low
What this means

The agent may periodically interrupt its normal workflow to perform reflection if the user enables the heartbeat integration.

Why it was flagged

The skill documents recurring heartbeat-based behavior that can prompt the agent to run checks and update memory over time.

Skill content
Run `self-reflection check` at each heartbeat.
If ALERT: read past lessons, reflect, then log insights.
Recommendation

Enable the heartbeat only if you want ongoing self-review, and keep the interval and active hours aligned with your workflow.