Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self-Improving Skill
v1.1.0让任何 writing style skill 自动从人类修改中学习。 只需要两个数据点:AI 原稿 (original) 和人类最终版 (final)。 自动 diff → 提取规则 → 更新目标 SKILL.md。 兼容 Claude Code (~/.claude/skills/) 和 OpenClaw (...
⭐ 0· 70·0 current·0 all-time
by@jzocb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description match the included scripts: observe.py records original/final pairs and improve.py extracts proposals and can update a target SKILL.md. Some minor inconsistencies exist: registry metadata lists no required binaries but improve.py will try to invoke external LLM CLIs (claude/llm or IMPROVE_LLM_CMD). Path detection logic is duplicated/inconsistent (two different base-detection strategies), which is sloppy but explainable.
Instruction Scope
The runtime instructions and scripts read and write arbitrary SKILL.md files, create logs/backups under home directories, and send the assembled prompt (including SKILL.md excerpts and edit summaries) to whatever LLM CLI is available. That means user content and parts of SKILL.md may be transmitted to third-party LLM services; auto mode can also apply P0 proposals without manual review. These behaviors are within the stated purpose but have significant data-exposure and integrity implications that users must accept explicitly.
Install Mechanism
No external installers or arbitrary downloads are used — this is an instruction-only skill with included Python scripts. Risk from the install mechanism itself is low. The scripts are written to disk when the skill is copied/installed, which is expected.
Credentials
The skill doesn't request secrets or specific env vars up front, and declares optional IMPROVE_LLM_CMD. However, it will invoke external LLM CLIs which may be configured to talk to remote services — recorded content (original/final and SKILL.md excerpts) will be included in LLM prompts and thus could be exposed to those services. The absence of explicit required credentials is consistent with purpose, but users should treat recorded content as potentially exfiltrated to whatever LLM backend they configure.
Persistence & Privilege
The skill does not set always:true and is user-invocable. It can autonomously be run (platform default) and supports cron/auto mode which will auto-apply P0 proposals; combined with the ability to modify a target SKILL.md this grants the skill moderate persistence/impact over the writing-skill it targets. This is plausible for its purpose but worth caution: auto-apply should be used only after governance checks.
What to consider before installing
What to check before installing/use: 1) Understand data flow — observe.py stores full original/final texts locally; improve.py sends excerpts (and the target SKILL.md) to whichever LLM CLI you have (claude/llm or whatever IMPROVE_LLM_CMD points to), so sensitive content can be transmitted to external services. 2) Prefer manual review — use extract/show/apply workflow and avoid 'auto' until you trust proposals; backups and rollback exist but verify they work in your environment. 3) Configure storage paths to a secure location (set SKILL_BASE_DIR / SKILL_LOG_DIR / SKILL_TARGET_PATH) and restrict file permissions. 4) Inspect the scripts before use — there are a few sloppy/incomplete bits (e.g., inconsistent base-path logic and an apparent bug/truncation in auto_improve that may crash), so test on a copy of a non-critical SKILL.md first. 5) If you must analyze private data, run with a local/private LLM or disable automatic networked LLM CLI usage. 6) If you want stronger safety, require human confirmation for all proposals (avoid cron auto apply) and audit proposals before applying.Like a lobster shell, security has layers — review code before you run it.
latestvk978tkp95ef6bmwq7hvp3c20ss83gzqp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.