Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
developer-self-improve-core
v1.1.9 Developer self-improvement core skill - automatic error-recurrence prevention, self-check, rule generation, memory cleanup, scheduled reminders
Core functions:
- Before each answer: automatic error-recurrence check
- After each answer: automatic self-check + rule draft generation
- Every 10 accumulated dialogue turns / weekly: automatic memory-cleanup scan
- Automatic reminder: DingTalk push of rules pending confirmation at 9:30 daily
Core principles:
- AI only proposes, humans make the final decision
- Never automatically write...
by Joe.Lee (@joelee09)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Functionality (pre/post checks, proposals, memory cleanup, optional DingTalk reminders) aligns with the name and description. The scripts legitimately read their own config and an optional workspace/current_user.json to tag proposals. However, the registry-level metadata shown at the top of the report lists no required env vars or config, while SKILL.md and .clawhub.json declare required binaries, an env var (AUTO_MEMORY_WORKSPACE) and a config path (workspace/config/current_user.json). That metadata mismatch is inconsistent and should be reconciled before install.
Instruction Scope
Runtime instructions and scripts read local config/config.yaml and the optional workspace/config/current_user.json, write proposal/rule/log files under memory/, and (if enabled) send proposal summaries via the openclaw CLI to DingTalk. Those actions are in scope for this skill. Two points deserve attention. First, the cleanup logic deletes proposal files older than retention_days whenever cleanup() / cleanup_expired_proposals() runs; the deletion is unconditional inside the function and never prompts for per-file human approval, which contradicts the stated 'AI only proposes / human final approval' principle unless auto-cleanup stays disabled. Second, daily-check.sh assembles proposal contents and sends them externally (DingTalk) via openclaw, so enabling reminders transmits proposal data off the host.
Install Mechanism
No remote downloads or installers; this is an instruction+script package delivered in cleartext. No external install URLs or archive extracts were used. Risk from install mechanism itself is low.
Credentials
The skill does not request API keys or broad cloud credentials; it uses a local config value dingtalk_target (user-supplied DingTalk ID) and optionally relies on the openclaw CLI for notifications (openclaw manages its own auth). It reads workspace/config/current_user.json for user/platform tagging — plausible for its stated purpose but may expose identifying project/user fields. The earlier summary claiming 'Required env vars: none' conflicts with SKILL.md and .clawhub.json which list AUTO_MEMORY_WORKSPACE and various required binaries; verify which is authoritative before install.
Persistence & Privilege
The skill writes to its own memory/ directory and to logs (expected), and the always flag is false. However, it includes a function that deletes proposal files (cleanup_expired_proposals) without prompting when cleanup() runs, and the cron/daily-check path can send proposal contents externally. Both behaviors are controlled by config flags (enable_auto_cleanup, enable_reminder) that default to disabled, but enabling them gives the skill persistent behavior that can remove local files and send data off the host, so only enable automation after testing and backups.
What to consider before installing
This skill appears to implement the claimed features, but take these precautions before enabling automation:
1) Reconcile metadata: confirm whether the skill actually requires AUTO_MEMORY_WORKSPACE and workspace/config/current_user.json (SKILL.md and .clawhub.json say yes; the top-level summary says no).
2) Inspect config/config.yaml and change dingtalk_target from the placeholder before enabling reminders; enabling reminders posts proposal contents to DingTalk through your openclaw CLI account.
3) Keep enable_auto_cleanup and enable_reminder set to false while you test: run ./scripts/developer-self-improve-core.sh init, pre-check and post-check manually and inspect memory/ and logs/ to verify behavior.
4) Back up the skill directory before enabling automation (SECURITY.md recommends this).
5) If you plan to enable automated cleanup or cron jobs, review cleanup_expired_proposals() in the scripts and daily-check.sh to ensure they only act on the intended files; the cleanup function deletes expired proposal files without per-file confirmation.
6) Confirm openclaw CLI credentials are correctly configured and understand where notifications will be sent.
The full cleanup/counter logic was truncated in the scanned copy, so audit those lines in the complete script directly and confirm that an approval step precedes any deletion or external send.
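The cleanup finding above (items 4 and 5, and the Instruction Scope and Persistence sections) is the one place where a small change restores the 'AI proposes, human approves' principle. The following is an added example of how such a cleanup routine can be gated; it is not the skill's own script, and the directory layout memory/proposals and memory/archive, the function names, and the trailing approval argument are assumptions for illustration. The real script's file layout and retention_days handling must be confirmed in the source before adopting anything like it.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own code. Assumed layout: proposals live as
# *.md files directly under <skill>/memory/proposals and expired ones are
# moved to <skill>/memory/archive instead of being deleted.
set -u

# Lists proposal files older than RETENTION days. Only regular *.md files
# directly inside DIR are considered; nothing is recursed into or modified.
list_expired_proposals() {
    dir=$1; retention=$2
    find "$dir" -maxdepth 1 -type f -name '*.md' -mtime +"$retention"
}

# Number of expired proposals, for a human-readable summary before approval.
count_expired_proposals() {
    list_expired_proposals "$1" "$2" | wc -l | tr -d ' '
}

# Usage: cleanup_expired_proposals DIR ARCHIVE RETENTION [yes]
# Without the trailing "yes" this is a dry run: it only prints what would be
# archived. With "yes" (the human approval step) expired files are moved to
# ARCHIVE, which keeps a wrong retention value recoverable. DIR must end in
# memory/proposals so the routine cannot be pointed at an unrelated tree.
cleanup_expired_proposals() {
    dir=$1; archive=$2; retention=$3; approved=${4:-no}
    case "$dir" in
        */memory/proposals) ;;
        *) printf 'refusing: %s is not a memory/proposals directory\n' "$dir" >&2
           return 2 ;;
    esac
    [ -d "$dir" ] || { printf 'no such directory: %s\n' "$dir" >&2; return 2; }
    if [ "$approved" = "yes" ]; then
        mkdir -p "$archive"
        # -exec ... -print prints each path only after its move succeeded.
        find "$dir" -maxdepth 1 -type f -name '*.md' -mtime +"$retention" \
            -exec mv -- {} "$archive/" \; -print
    else
        list_expired_proposals "$dir" "$retention" | sed 's/^/would archive: /'
        printf '%s expired proposal(s); re-run with "yes" to archive\n' \
            "$(count_expired_proposals "$dir" "$retention")"
    fi
}
```

Run it first without the trailing yes, read the list, then re-run with yes. A cron entry should call only the dry-run form, so the scheduled job reports what is pending and a human performs the archive step; that keeps scheduled automation from being the thing that removes files.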
latest: vk97895fqq1n8kyj1rbdnenk9gx84hc55
