Self Improving Agent 1.0.11

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken, malicious, or overly broad learning could be reused as future context and influence later agent behavior across tasks or projects.

Why it was flagged

The skill explicitly promotes conversation-derived learnings into files that are injected into future sessions. That is core to the skill, but the artifact does not clearly require user review, sanitization, or approval before persistent instruction changes.

Skill content

OpenClaw injects these files into every session ... Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md`

Recommendation

Require explicit user approval before promoting learnings into persistent instruction files, avoid logging secrets, and periodically review or prune .learnings, CLAUDE.md, AGENTS.md, SOUL.md, TOOLS.md, and Copilot instructions.

What this means

Session transcripts or learnings could be exposed to other sessions or background agents if these tools are used carelessly.

Why it was flagged

The skill documents cross-session transcript access, messaging, and sub-agent spawning as part of sharing learnings. This is disclosed and purpose-aligned, but it can move context between sessions.

Skill content

sessions_history — Read another session's transcript ... sessions_send — Send a learning to another session ... sessions_spawn — Spawn a sub-agent for background work

Recommendation

Use cross-session tools only when the user expects it, avoid sending sensitive transcript details, and verify the target session before sharing learnings.

What this means

If enabled, the hook will keep adding self-improvement reminders to future sessions until disabled.

Why it was flagged

The optional hook persists as a bootstrap reminder once enabled. The provided handler only injects reminder text, and enablement is disclosed, so this is a notice rather than a malicious behavior finding.

Skill content

Fires on `agent:bootstrap` ... Adds a reminder block ... Enable with: `openclaw hooks enable self-improvement`

Recommendation

Enable the hook only if you want ongoing reminders, and disable it if the reminders become intrusive or inappropriate for a workspace.

What this means

Users may have less external provenance information for the included scripts and hook files.

Why it was flagged

The registry metadata does not provide a clear source or homepage and says there is no install spec, while the package includes optional hooks and scripts. The reviewed code is small and not suspicious, but provenance should still be verified.

Skill content

Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Code file presence 5 code file(s)

Recommendation

Review the included scripts before enabling hooks, and prefer installing from a source or registry entry you trust.