Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

root

v1.0.0

Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The SKILL.md content implements a 'self-improving' memory system that reads and writes files under ~/self-improving and updates workspace AGENTS.md / SOUL.md. Those capabilities align with the stated purpose. However, registry/top-level metadata is inconsistent with internal files: the provided skill name/slug is 'root' in the registry header while the SKILL.md and file tree use 'self-improving' (slug self-improving); ownerId values also differ between registry metadata and _meta.json. This mismatch could indicate packaging or provenance issues.
Instruction Scope
The runtime instructions explicitly instruct the agent to read and write files in the user's home directory (~/self-improving/) and to modify workspace files (AGENTS.md, SOUL.md, HEARTBEAT.md). Those actions are within the declared purpose (local memory and steering). The SKILL.md also directs optional installation of a 'Proactivity' skill (network action) but requires explicit user consent. No instructions request unrelated system credentials or secret exfiltration; boundaries.md explicitly forbids storing credentials, which is consistent but should be audited in practice.
Install Mechanism
This is an instruction-only skill with no install spec or code-archive downloads, which is low risk. One caveat: setup.md instructs to run `clawhub install proactivity` if the user agrees — that would perform a network package install from an external source. Installation of that companion skill is explicit/optional, but the user should verify the source of 'proactivity' before consenting.
Credentials
The skill requests no environment variables, binaries, or credentials, and its documented storage rules explicitly forbid saving secrets or third-party personal data. That is proportionate to its self-improvement purpose. Still, the skill will persist user-provided corrections and preferences to disk locally, which could include sensitive user content if the user writes it as a correction — users should ensure sensitive material is not stored.
Persistence & Privilege
The skill creates and manages a persistent local datastore under ~/self-improving/ and will update workspace files. always:false, so it is not force-included globally. This level of persistence is expected for a memory/learning skill, but any skill that writes persistent local state should be reviewed for what it stores and for transparency controls (export/wipe).
What to consider before installing
Key things to check before installing:
- Metadata mismatch: The registry header lists this skill as 'root' while the SKILL.md and files call it 'self-improving' (slug self-improving). Owner IDs also differ between top-level metadata and _meta.json. Confirm the skill's provenance with the publisher before trusting it.
- Local file writes: The skill will create and manage ~/self-improving/ and modify workspace AGENTS.md / SOUL.md / HEARTBEAT.md. Back up those files first and review diffs after any automated edits.
- Data stored locally: The skill is designed to persist corrections, preferences, and patterns. Although its boundaries.md forbids storing credentials and sensitive categories, you should avoid putting secrets or private content into corrections or prompts that will be logged.
- Optional network install: setup.md may run `clawhub install proactivity` if you explicitly consent. Review the Proactivity skill's source before allowing that network install.
- Autonomy: The skill can be invoked autonomously by the agent (platform default). Because it writes persistent state, consider running it in passive mode initially and review every change it proposes.
- If you want to proceed: (1) verify publisher and version (resolve the metadata mismatch), (2) back up workspace config and your home ~/self-improving if present, (3) run in passive mode or review changes interactively, and (4) audit the first few entries the skill writes to ensure it obeys the stated boundaries.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk20c76x7apa7gnces1crb5842kec


Runtime requirements

🧠 Clawdis
OS: Linux · macOS · Windows
