Skillv1.0.1

ClawScan security

Keenlycat Self Improving Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 6, 2026, 11:08 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches its stated goal of capturing local learnings, but implementation contradicts its own safety guidance (auto-captures errors without user approval and does not sanitize potential secrets) and it neglects to declare required tooling (jq).
Guidance: This skill's goal (capture and reuse learnings) is reasonable and the scripts operate locally, but be aware of two important issues before installing: (1) auto-capture-error.sh will automatically save failing command output into $HOME/.openclaw/workspace/memory/learnings.jsonl without prompting, which can store secrets (API keys, passwords) if those appear in error messages — the SKILL.md states you should sanitize and require approval, but the scripts don't implement that; (2) the scripts rely on external tooling (jq, and specific date behavior) that is not declared, so they may fail or behave differently on your platform. Recommendations: inspect and test the scripts in a safe environment, disable or modify auto-capture to require confirmation, add sanitization to remove secrets before writing, ensure jq is installed or update the scripts to avoid jq, and restrict filesystem permissions on the memory file if you enable this skill.

Review Dimensions

Purpose & Capability: noteThe name/description (self-improving agent) matches the scripts' purpose (capture, search, review local learnings). However the SKILL.md shows CLI examples using an 'openclaw memory' command, while the package provides local shell scripts (capture-learning.sh, search-learnings.sh). Also the scripts depend on jq and date behavior but the skill declares no required binaries or dependencies.
Instruction Scope: concernSKILL.md mandates never storing sensitive data and requiring user approval before storing corrections, but auto-capture-error.sh will automatically append error learnings to the local leavings file when a command fails (no user prompt) and capture-learning.sh simply appends the raw fields to a JSONL file with only minimal truncation/quote replacement. This creates a real risk of accidentally persisting secrets (passwords, tokens) despite the 'safety rules' documented in SKILL.md.
Install Mechanism: noteNo install spec (instruction-only) reduces risk of remote code download. Scripts are provided and written to operate from $HOME paths. However the scripts implicitly require external tools (jq) and use date options that differ between platforms; these dependencies are not declared, which can cause failures or unexpected behavior on target systems.
Credentials: noteThe skill requests no credentials and only reads/writes files under $HOME/.openclaw/workspace, which is proportionate. Still, because it writes potentially sensitive error outputs to a persistent file, it effectively gains local-persistence of possibly sensitive data; the SKILL.md promises sanitization and user approval but the code does not implement these protections.
Persistence & Privilege: okThe skill does not request elevated privileges, does not set always:true, and writes only to its own workspace path under the user's home. It does not modify other skills or system-wide configs.