Skill Gitee
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill mainly logs learning notes, but its package identity and install dependency are inconsistent, and it can write persistent agent memory/prompt files that affect future sessions.
Review before installing. Verify the publisher and the `steipete/tap/gogcli` Homebrew dependency, and only use this skill if you are comfortable with it creating persistent `.learnings` and workspace prompt/memory files. Do not enable hooks or cross-session sharing unless you explicitly want that behavior, and require approval before promoting learnings into files that future agents will read.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may install an extra executable from a third-party Homebrew tap that does not appear necessary for the stated logging function.
The skill is described as markdown-based learning capture, but it declares a required Homebrew-installed `gog` binary that is not explained by the supplied scripts or docs, creating an unexpected dependency/provenance concern.
name: skill-b ... description: "Captures learnings, errors, and corrections..." ... "requires":{"bins":["gog"]},"install":[{"id":"brew","kind":"brew","formula":"steipete/tap/gogcli"Install only if you trust the Homebrew formula and can verify why `gog` is required; otherwise remove or decline the dependency.
A user may not be able to tell which package they are actually installing or who published it.
The local package metadata does not match the evaluated registry identity of `skill-gitee` version 1.1.1, and SKILL.md also names the skill `skill-b`, making provenance and package identity unclear.
"ownerId": "kn71cjr952qdec1nx70zs6wefn7ynq2t", "slug": "skill-a", "version": "1.0.4"
Verify the publisher and source repository before installing, and require consistent registry, `_meta.json`, and SKILL.md identity metadata.
Private project context or mistaken instructions could persist and influence future agent behavior across sessions.
The skill intentionally writes or promotes learnings into persistent files that are later injected into agent context, but the artifacts do not clearly require user confirmation before promotion to those prompt files.
OpenClaw injects these files into every session ... AGENTS.md ... SOUL.md ... TOOLS.md ... MEMORY.md ... .learnings/ ... Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md`
Require explicit user approval before promoting any learning to CLAUDE.md, AGENTS.md, SOUL.md, TOOLS.md, MEMORY.md, or Copilot instructions; keep entries short and redacted.
If used carelessly, session transcripts or learnings could be shared with other sessions or agents.
The skill documents cross-session transcript reading, message sending, and sub-agent spawning, but it also tells users to use these only in trusted environments and when explicitly needed.
sessions_history ... Read transcript from another session ... sessions_send ... Send message to another session ... sessions_spawn ... Spawn a background sub-agent ... Use these only when cross-session sharing is explicitly needed and the environment is trusted.
Use cross-session tools only after explicit user approval and send sanitized summaries instead of raw transcripts or command output.
If enabled, reminders may run automatically during future sessions and Bash tool use.
The skill provides optional persistent hooks that can run on prompts and Bash tool results; the included scripts only emit reminders and the docs disclose that setup is opt-in.
Hooks enable proactive learning capture ... UserPromptSubmit ... PostToolUse (Bash) ... Hook scripts run with the same permissions as Claude Code ... All scripts are opt-in
Enable hooks only if you want persistent reminders, prefer the minimal UserPromptSubmit hook, and review hook configuration periodically.