Self Improving Agent.Tmp
v1.0.0Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⭐ 0· 71·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's documented purpose (log learnings/errors and optionally inject reminders) matches the included files: logging templates, hook handlers, and small helper scripts. However, there are minor inconsistencies in naming/metadata: registry slug/name include '-tmp' while install instructions and examples reference 'self-improving-agent' (no '-tmp'), and _meta.json lists a different ownerId than the registry metadata. These mismatches suggest repackaging or an upstream copy and deserve verification before install.
Instruction Scope
SKILL.md instructs only to create .learnings/, copy templates, and optionally install/enable hooks; hooks inject a virtual reminder and scripts detect command output errors or scaffold new skills. The instructions do not request unrelated system files or credentials. They do direct optionally copying files into user home (~/.openclaw) and enabling hooks which will cause the provided scripts/handlers to run in future sessions (expected for this purpose).
Install Mechanism
No automatic install spec is provided (instruction-only skill). The included scripts and hook handlers are local files (no remote downloads). The extract-skill.sh has path checks to avoid absolute/.. writes. Overall install risk is low because installation is manual and opt-in.
Credentials
The skill does not declare required environment variables or credentials. The error-detector.sh reads CLAUDE_TOOL_OUTPUT (a hook-provided tool output variable) which is appropriate for a hook that examines command results. No other secret or unrelated service credentials are requested.
Persistence & Privilege
always:false and hooks/scripts are opt-in; enabling hooks requires explicit user action. The hook injects only a virtual bootstrap file and the scripts write only to user-scoped paths when run (e.g., ./skills or ~/.openclaw). The skill does not modify other skills' configs or request permanent elevated privileges.
Scan Findings in Context
[pre-scan-injection-signals-none] expected: No pre-scan injection signals were detected. This matches an instruction-only/manual-install pattern where files are present but no remote installs or obfuscated payloads were found.
Assessment
What to check before installing or enabling:
- Verify the origin: the SKILL.md references installing 'self-improving-agent' but the registry entry is 'self-improving-agent-tmp' and _meta.json shows a different ownerId — confirm you trust the exact package/source before copying it into ~/.openclaw or enabling hooks.
- Review the scripts/hooks locally: activator.sh, error-detector.sh, and the hook handler (handler.js/ts) are small and readable; enable them only if you understand they will run in your sessions. They run with the same permissions as the agent and can execute if you add them to your hook configuration.
- Prefer project-level (not global) hook configuration or use matcher filters to limit when hooks run; avoid enabling user-level/global hooks unless you want reminders across all sessions.
- Test in a safe workspace first: use the extract-skill.sh --dry-run and test hooks in a sandbox workspace before deploying to important projects or enabling for all sessions.
- If you plan to let hooks run automatically, ensure scripts are executable and consider auditing them for any modifications. If anything looks unexpected (network calls, writes to unrelated system paths, or credential references), do not enable the hook.
Confidence notes: assessment is medium because the package contains multiple files and small metadata/name mismatches. Those mismatches are not proof of malice but do warrant verification of the source before use.Like a lobster shell, security has layers — review code before you run it.
latestvk970gk41zw43pn01vb7ktvrq7583q115
License
MIT-0
Free to use, modify, and redistribute. No attribution required.