Keenlycat Self Improving Agent

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for self-improvement, but it persistently records command/error context in agent memory without strong redaction, validation, or approval controls.

Install only if you want OpenClaw to keep local, persistent memory of errors and lessons. Avoid wrapping commands that contain secrets, periodically review ~/.openclaw/workspace/memory/learnings.jsonl, and delete or redact entries that should not guide future tasks.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Failed commands could leave tokens, private paths, customer data, or other sensitive details in local agent memory, where they may be searched and reused later.

Why it was flagged

On failure, the wrapper captures the command line and a snippet of stdout/stderr into the persistent learning workflow; truncation and quote replacement do not reliably remove secrets.

Skill content

OUTPUT=$("$@" 2>&1)
...
ERROR_SUMMARY=$(echo "$OUTPUT" | head -c 200 ... )
...
"$CAPTURE_SCRIPT" --context "Command failed: $*" --issue "$ERROR_SUMMARY"

Recommendation

Use automatic error capture only for non-sensitive commands, add explicit redaction and approval before saving failures, and provide a clear way to delete or edit stored learnings.

What this means

Malformed or misleading saved lessons could break searches or cause the agent to rely on bad guidance in later tasks.

Why it was flagged

User- or agent-supplied learning text is written directly into JSONL without JSON escaping or provenance checks, which can corrupt or poison the persistent learning file.

Skill content

cat >> "$LEARNINGS_FILE" << EOF
{"timestamp":"$TIMESTAMP",...,"context":"$CONTEXT","issue":"$ISSUE","correction":"$CORRECTION","lesson":"$LESSON","tags":"$TAGS"...}
EOF

Recommendation

Serialize entries with a JSON-safe tool such as jq, validate fields, and treat retrieved learnings as suggestions rather than authoritative instructions.

What this means

If used carelessly, the wrapper can run destructive or sensitive commands under the user's normal account and then persist failure details.

Why it was flagged

The helper executes any command passed to it. This is purpose-aligned for error capture, but it is not a sandbox or safety check for the command itself.

Skill content

# Usage: ./auto-capture-error.sh <command> [args...]
...
OUTPUT=$("$@" 2>&1)

Recommendation

Only wrap commands the user has explicitly intended to run, and avoid using it around destructive, privileged, or secret-bearing commands.

What this means

Some commands may fail unexpectedly on systems without jq installed.

Why it was flagged

The scripts require jq, while the registry requirements declare no required binaries, so runtime dependencies are under-declared.

Skill content

RESULTS=$(cat "$LEARNINGS_FILE" | jq -c "$FILTER" | tail -n "$LIMIT")

Recommendation

Declare jq as a required binary or document it clearly in setup instructions.