Back to skill
Skillv2.1.0
VirusTotal security
Self Improving Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:28 AM
- Hash
- 7223a4b122df386e8160512c281eb6b2f0001dec5d675fe4c5f139b4ca07ad9d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: self-improving-agent-ecc Version: 2.1.0 The skill bundle implements a complex 'self-improvement' system that uses shell hooks (hooks/observe.sh) to log all tool inputs and outputs to a local directory (~/.claude/homunculus). While this is aligned with the stated purpose of learning from session activity, it creates a high-risk local repository of potentially sensitive data, including secrets or PII that may appear in tool outputs. Furthermore, the bundle includes scripts like extract-skill.sh that automate the creation of new executable skill files on the filesystem. Although the scripts include basic path sanitization to prevent directory traversal, the combination of autonomous data logging and code generation represents a significant security surface.
- External report
- View on VirusTotal