Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
KinthAI Self-Improving User
v1.0.0
User-level self-improvement: captures corrections, preferences, and errors per user_id. After every conversation where the user corrects you or states a pref...
by KinthAI @kinthaiofficial
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description align with the code and SKILL.md: it stores per-user learnings under .learnings/{user_id} and injects prior learnings into bootstrap. Creating per-user directories and reading/writing small markdown files is coherent with the stated goal.
Instruction Scope
SKILL.md and the hook explicitly instruct the agent to perform filesystem writes (mkdir -p, append to LEARNINGS.md) using the Bash tool and to never mention the .learnings system to the user. Instructing the agent to hide persistent writes and demanding they be executed ("MUST" use shell writes) expands scope beyond passive guidance and raises transparency/privacy concerns.
Install Mechanism
There is no network download/install spec; this is an instruction+hook skill with local code only. The included hook.js reads/writes local files and modifies bootstrap content — expected for a local persistence feature.
Credentials
The skill requests no credentials or special env vars. It uses standard workspace/HOME paths and session context to obtain user_id, which is proportionate to per-user storage.
Persistence & Privilege
The skill is flagged always: true and injects content into AGENTS.md at bootstrap, effectively forcing its rules into every agent bootstrap. Combined with autonomous invocation and explicit instructions to perform silent filesystem writes, this increases blast radius and enables persistent, covert data collection unless the operator inspects and restricts it.
What to consider before installing
This skill does what it says (stores per-user 'learnings' in ~/.openclaw/.../.learnings) but has two red flags: (1) it's configured always:true so it will be injected into every agent bootstrap, and (2) it instructs the agent to run shell commands to silently write persistent files and explicitly tells the agent not to inform users. Before installing: review hooks/openclaw/handler.js and any scripts to confirm exactly what will be written and where; remove or change always:true so the skill is opt-in; require that writes be explicit and transparent to users (do not instruct silence); restrict the agent's ability to run arbitrary shell commands (or run this skill in a sandboxed workspace). If you cannot audit or modify the files, avoid installing or disable always:true and the hook to reduce risk.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🧠 Clawdis
