ClawHub

Self-Improving Engineering

v1.2.1

Captures architecture decisions, code quality issues, build/deploy failures, dependency problems, performance regressions, tech debt accumulation, and test g...

0· 53·0 current·0 all-time
byJosé I. O.@jose-compu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README instructions, scripts, and hook handlers all implement a logging/prompting workflow to capture engineering learnings (.learnings, promotion to workspace docs). No unrelated credentials, binaries, or network endpoints are requested.
Instruction Scope
Runtime instructions create/ensure .learnings files and recommend installing optional hooks. Hook handlers inject a virtual reminder into agent bootstrap and shell scripts read CLAUDE_TOOL_OUTPUT for simple error-pattern detection. This is consistent with the skill's purpose, but the skill does write files to the workspace/home and (if PostToolUse is enabled) will read tool output—review to ensure no secrets or full stack traces are logged.
Install Mechanism
No automated install spec; install instructions are copy/clone or use clawdhub. All included scripts are local and there are no downloads from untrusted URLs or extract-from-URL steps.
Credentials
The skill declares no required environment variables or credentials. The only environment usage is reading CLAUDE_TOOL_OUTPUT in an optional error-detector script, which is appropriate for a PostToolUse hook but should be enabled only when you trust the runtime and its outputs.
Persistence & Privilege
always:false and hooks are user-enabled; handlers inject virtual files into session context (intended reminder). The skill does not request permanent platform-wide privileges or modify other skills' configs.
Assessment
This skill appears coherent and low-risk for its purpose, but review before enabling hooks: 1) Only enable the hooks you want (activator/UserPromptSubmit recommended). 2) Inspect scripts (activator.sh, error-detector.sh, extract-skill.sh) to confirm behavior and file paths. 3) If you enable PostToolUse/error-detector, be cautious because CLAUDE_TOOL_OUTPUT may contain sensitive command output—ensure the detector is configured to only emit short, redacted reminders. 4) Prefer installing from a trusted repository or vendor; if the source is unknown, review the full code locally before copying to ~/.openclaw or enabling hooks.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e8rqns56crmxwt2c2039yrs84tjd9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments