ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Daily Growth & Maturity

v1.0.1

Self-reflection, correction logging, persistent memory, WAL protocol, cold-boot recovery, and automated daily review with self-healing cron. Evaluates own wo...

0· 87·0 current·0 all-time
byJoel Yi - DeployAIBots.com@joelsalespossible
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Most requested actions (file-based memory, WAL, daily review) align with the 'self-improving' purpose. However, the skill also auto-injects hooks into workspace system files (SOUL.md, AGENTS.md, HEARTBEAT.md) and instructs the cron to rewrite SOUL.md, AGENTS.md, IDENTITY.md and HEARTBEAT.md with 'hardcoded new permanent rules'. That degree of modification to system/prompt files goes beyond a typical personal memory helper and is disproportionate to the minimal stated needs.
!
Instruction Scope
SKILL.md and scripts instruct the agent to: always read and write multiple workspace files, write corrections before responding (WAL), auto-create a daily cron, auto-inject hooks into system prompt files, and rewrite those prompt files nightly. These instructions give the skill broad discretion to change agent directives and persist behavior without explicit per-change user approval.
Install Mechanism
There is no network-based install spec (instruction-only install), and the package includes only a local Python script and markdown files. No external downloads or install hosts were specified. This lowers supply-chain risk, but the included script performs many on-disk modifications.
Credentials
The skill requests no credentials, which is appropriate. It does, however, attempt to auto-symlink ~/self-improving to /data if persistence is missing and expects write access to the user's home and workspace. While not secret-hungry, it requires broad filesystem write privileges and the ability to create a cron job — privileges that should be explicitly granted and limited.
!
Persistence & Privilege
Although always:false, the skill demands a self-healing daily cron and enforces creation of that cron via hooks on session start. The cron's job is to rewrite system workspace files (SOUL.md, AGENTS.md, IDENTITY.md, HEARTBEAT.md). Combined, these behaviors allow long-term persistence and the ability to alter the agent's prompt/configuration across restarts, which has a high blast radius for changing agent behavior.
Scan Findings in Context
[writes-to-workspace-files] unexpected: The script intentionally writes and rewrites workspace/system files (SOUL.md, AGENTS.md, IDENTITY.md, HEARTBEAT.md). Writing to memory files is expected, but rewriting system/prompt files nightly is not typically required for a memory helper.
[creates-cron-self-healing] unexpected: The skill auto-creates a self-healing cron that runs agentTurn payloads and enforces mandatory nightly rewrites. Persisting behavior with an automated scheduler is stronger-than-expected for this type of skill.
[symlink-to-/data] expected: Auto-symlinking to /data for persistence is explainable for durability in containerized contexts, but it requires permission to create symlinks and write into /data — a filesystem privilege that should be intentional.
[openclaw.requires.tools: exec/cron/read/write] expected: clawhub.json declares required tools including 'cron' and 'exec' which match the script's behavior. Declaring 'exec' and 'cron' is expected given the cron creation and execution behavior, but these are sensitive operations.
What to consider before installing
Things to consider before installing: - This skill will auto-inject hooks and may append or rewrite your workspace/system prompt files (SOUL.md, AGENTS.md, IDENTITY.md, HEARTBEAT.md). If you rely on those files (other skills, operator policies), the skill can change agent directives and persist those changes nightly. - The skill creates a self-healing daily cron that runs an agentTurn payload and enforces mandatory .md rewrites. That gives it ongoing, automated ability to change behavior across restarts. If you do not want automated persistent changes, do not enable the cron or run this only in a sandbox. - The included script will attempt to symlink ~/self-improving to /data for persistence and writes to home and workspace. Only install where you trust the code and can grant/limit filesystem and cron privileges. - Recommended safe steps before enabling permanently: 1) Review the script and SKILL.md fully (you have the code). Run agent_memory.py dry-run to see what the cron would do. 2) Run verify and dry-run in an isolated test workspace or container with backups of SOUL.md/AGENTS.md/IDENTITY.md/HEARTBEAT.md. 3) Do not allow automatic cron creation in a production/shared environment; create the cron manually after inspection if you accept the behavior. 4) Backup the workspace/system .md files and restrict the skill to an isolated agent/account if possible. 5) Consider removing or editing the parts that rewrite system prompt files if you only want local memory without changing agent directives. - If you are unsure or cannot audit the code, treat this as high-risk and prefer not to install it on shared or production agents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dn1d46wdn55ftnetfr0gsfx83n7c7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments