Self-Improving Business
v1.0.0Captures business administration issues, policy gaps, KPI misalignment, decision delays, handoff failures, and stakeholder misalignment to improve operationa...
⭐ 0· 44·0 current·0 all-time
byJosé I. O.@jose-compu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (capture operational issues and log learnings) align with the included artifacts: markdown templates, example entries, helper scripts, and OpenClaw hook handlers. All required capabilities (local logging, optional hook reminders) match the stated purpose.
Instruction Scope
Runtime instructions and scripts are focused on creating and appending local markdown logs (.learnings/LEARNINGS.md, BUSINESS_ISSUES.md, FEATURE_REQUESTS.md) and injecting reminder text at agent bootstrap. The scripts reference the CLAUDE_TOOL_OUTPUT environment variable (used by the PostToolUse detector) — this is expected for the stated hook behavior but is not listed in a requires.env section. No instructions ask the agent to read unrelated secrets or transmit data externally.
Install Mechanism
The package is instruction-first and includes local scripts and hook code (no install spec). SKILL.md offers a manual git clone URL (github.com/jose-compu/self-improving-business) as an install option; cloning pulls code from a third-party GitHub account — review that repo if you plan to use the manual path. No download-from-arbitrary-URL or archive extraction is present in the package itself.
Credentials
The skill declares no required environment variables or credentials. The scripts use CLAUDE_TOOL_OUTPUT to inspect command output when used as a PostToolUse hook; this is proportionate to a pattern detector. No other secrets, API tokens, or unrelated environment variables are requested.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It includes optional hooks that, when installed/enabled, will write into ~/.openclaw/hooks or push virtual bootstrap files during agent startup. Enabling hooks modifies agent behaviour (adds reminder injection) but does not escalate privileges or alter other skills' credentials.
Assessment
This skill appears to do exactly what it claims: provide reminder-only logging and lightweight hook reminders. Before enabling or installing, do these simple checks: (1) review the included scripts (scripts/*.sh) and hook handlers (hooks/openclaw/handler.{js,ts}) to confirm they only write local markdown and inject reminder text (they do), (2) if you plan to run the manual git clone command, review the remote repository content and source owner, (3) enabling the hook will copy files into ~/.openclaw/hooks and cause the agent to include a bootstrap reminder — only enable if you want that behavior, and (4) ensure the hook scripts are run in a safe workspace (they read CLAUDE_TOOL_OUTPUT and produce reminders) and that you keep the 'reminder-only' safety boundary in mind: human approval remains required for any transactional actions. Overall, no credentials or network exfiltration were found, but always review third-party code before enabling hooks that modify your agent's startup behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk977dwt2pfrbzsgfhja07jkr6x84r8hb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.