Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

meowtest

v1.0.2

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md and the included scripts/hooks clearly implement a 'self-improvement' / learnings-logging feature (creating .learnings/, hook activator, error detector, and an extractor). However the registry metadata and filenames don't line up: the package is listed as 'meowtest' / slug 'meowceshi' while SKILL.md and _meta.json refer to 'self-improving-agent' / 'self-improvement'. Owner IDs also differ. This mismatch is not a direct security vulnerability but is an incoherence that warrants verification (typo, repackaging, or copying).
Instruction Scope
The instructions direct the agent or user to create and populate .learnings/ in both the project and ~/.openclaw/workspace, copy hooks into ~/.openclaw/hooks, and enable them. The hook code injects a virtual bootstrap file into sessions, and the error-detector script reads CLAUDE_TOOL_OUTPUT (command output). The SKILL.md repeatedly warns not to log secrets, but the hooks/scripts will run with the invoking user's permissions and could expose command output if misconfigured. The scope is generally within the stated purpose, but any use of PostToolUse hooks that capture tool output increases the risk of accidental leakage of sensitive outputs unless strictly sanitized or gated.
Install Mechanism
There is no automated install spec (instruction-only install). The package includes hooks and shell scripts which are intended to be copied and enabled by the user. No remote downloads, package managers, or extracted archives are invoked by an install step in the bundle itself. The only remote references are optional manual installation examples that suggest git clone of a GitHub repo — cloning external repos is a user action and should be reviewed before running.
Credentials
The skill does not declare or require any environment variables or credentials. The error-detector script relies on CLAUDE_TOOL_OUTPUT (an environment variable provided by the agent runtime), which may contain potentially sensitive command output. The documentation explicitly warns users to treat CLAUDE_TOOL_OUTPUT as sensitive and to avoid forwarding secrets, but enabling the hook means tool outputs may be inspected, so users must ensure hooks run only in trusted contexts and that the scripts do not leak or persist raw outputs.
Persistence & Privilege
always:false (not force-included) and model invocation is allowed (default). The skill's hook, if copied and enabled, will persist in the user's OpenClaw hooks directory and inject reminders into each session's bootstrap context. This is expected for a workspace-level helper, but it does grant ongoing ability to alter session context while enabled. There is no evidence the skill modifies other skills' configs or requests elevated permissions.
What to consider before installing
This skill is mostly coherent with its described goal (logging learnings and providing lightweight hooks), but take these precautions before installing or enabling it:
- Verify the package identity: confirm why the registry name/slug/owner differ from the SKILL.md and _meta.json (could be a renamed or repackaged copy). Prefer code from an authoritative repo you trust.
- Inspect the scripts and hook code yourself (they're small). Look for any network calls or file writes to unexpected locations (I found none beyond creating files under the workspace or skills directories and pushing a virtual bootstrap file).
- Be cautious enabling PostToolUse hooks globally or at user-level. The error-detector reads CLAUDE_TOOL_OUTPUT which can contain sensitive command output; enable only in trusted projects or use matcher filters to limit triggers.
- Do not enable hooks system-wide (in your home-level settings) unless you trust the code and repository; prefer project-level config or set strict matcher filters.
- Check file permissions (chmod +x where needed) and run the extract-skill scripts in --dry-run mode first to confirm behavior.
- If you plan to run the suggested git clone, review that remote repo on GitHub before executing any install commands.

If you want, I can list the exact lines that create or read files, or highlight the specific places where the hook reads CLAUDE_TOOL_OUTPUT and injects bootstrap files so you can audit them quickly.

Like a lobster shell, security has layers — review code before you run it.
