Taku Reflect

Pass

Audited by ClawScan on May 11, 2026.

Overview

Taku Reflect appears to be a coherent, user-facing reflection tool that stores project learnings locally, with no artifact-backed evidence of hidden exfiltration or destructive behavior.

This skill appears safe to install if you want project-local reflection memory. Before using it, understand that it can write `.taku/learnings` files and may update project instruction files if you approve; avoid storing secrets or sensitive personal information in learnings.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Saved learnings may guide future agent behavior in the project, so inaccurate or overly broad entries could lead to bad recommendations later.

Why it was flagged

The skill creates persistent project-local memory and allows future Taku phases to retrieve it as context. This is central to the skill’s purpose and is bounded by confirmation rules, but stale or incorrect learnings could affect future work.

Skill content

Learnings live in `.taku/learnings/{project-slug}.jsonl` ... Other Taku phases may search existing learnings automatically, but only as context

Recommendation

Only save stable, intended learnings; periodically prune or export-review the JSONL file; and treat recalled learnings as advisory rather than authoritative.

What this means

The agent may run the included local Python script and write or edit project files when you ask it to manage learnings or skills.

Why it was flagged

The skill exposes local command execution and file mutation so it can manage learnings, exports, pruning suggestions, retrospectives, and skill-writing. These tools are purpose-aligned, and the visible instructions require confirmation for persistent changes.

Skill content

allowed-tools: - Bash - Read - Write - Edit - Glob - Grep ... Use `scripts/learnings.py` for all learnings file operations.

Recommendation

Review proposed file changes before accepting them, especially changes to project instruction files such as AGENTS.md or CLAUDE.md.

What this means

If installed into project instructions, future agents may automatically consider saved learnings during planning and implementation.

Why it was flagged

The bootstrap protocol is designed to make future agents consult the saved learning file. The protocol explicitly says to treat entries as context rather than hard rules, which reduces risk, but it still creates persistent influence over future sessions.

Skill content

If `.taku/learnings/{project-slug}.jsonl` exists, consult it before non-trivial planning, implementation, review, or debugging. Treat matching entries as context, not hard rules.

Recommendation

Install the bootstrap protocol only if you want this persistent behavior, and keep the learning file accurate and limited to non-sensitive project guidance.