ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SELF IMPROVING

v1.0.0

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

0· 131·0 current·0 all-time
by@kondifun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (capture learnings, errors, corrections) align with the provided SKILL.md, scripts, and hook code. The activator, error detector, extraction helper, and hook handler all support the stated goal of logging and promoting learnings. The files and documentation match the claimed purpose.
Instruction Scope
Instructions focus on creating/using .learnings/ and optionally installing a bootstrap hook that injects reminder text into agent sessions. That scope is consistent with the stated purpose. Caveat: the skill explicitly recommends promoting learnings into workspace files (SOUL.md, AGENTS.md, TOOLS.md, CLAUDE.md) and references OpenClaw session APIs (sessions_history, sessions_send, sessions_spawn). Promoting/adding content to workspace files changes the prompt context for future sessions (intentional prompt injection) and the inter-session APIs can move data between sessions — both are normal for this skill but are high-impact behaviors users should consider.
Install Mechanism
There is no automated install spec; installation is manual or via a referenced GitHub repo. No downloads from unknown servers or archive extraction steps are present in the package. Scripts are local and executed only if the user wires up hooks or runs them explicitly.
!
Credentials
The skill declares no required env vars or credentials, which fits its purpose. However: (1) the error-detector.sh reads CLAUDE_TOOL_OUTPUT (an agent-provided env var) but that env var is not declared in metadata — this is expected for hooks but worth noting; (2) the skill references and encourages use of session-level APIs (sessions_history, sessions_send, sessions_spawn) that can access other sessions and move data between sessions/workspaces. Those capabilities go beyond simple local logging and could be abused to share sensitive context if misconfigured.
Persistence & Privilege
always:false and no extra system privileges requested. However enabling the optional hook (which the user must copy and enable) injects virtual/bootstrap files into every session and the skill encourages promoting learnings into long-lived workspace files — this gives the skill a persistent, cumulative influence on future prompts. That's consistent with intent but increases long-term impact and the risk of accidental leakage or undesired prompt changes.
What to consider before installing
What to check before installing: - Provenance: the package metadata inside the files (_meta.json/version/ownerId) doesn't match the registry metadata; verify you trust the source (GitHub repo links) before installing or enabling hooks. - Review scripts: activator.sh and error-detector.sh only print reminders, but extract-skill.sh will create files in your workspace when run — inspect it and test with --dry-run first. - Hook behavior: enabling the OpenClaw hook injects a virtual reminder into every session and the skill recommends promoting entries into workspace files that become part of future session context. Only enable hooks if you understand and approve that persistent prompt-injection effect. - Inter-session APIs: the skill documents sessions_send/sessions_history/sessions_spawn. If you enable cross-session features, make sure policies/permissions for other sessions are acceptable to avoid accidental data sharing. - Least privilege: if you want the functionality but less risk, enable only the activator (reminder) hook and do not enable PostToolUse or inter-session features. Keep scripts executable only when you trust them (chmod) and run extract-skill.sh with --dry-run first. If you can, obtain a trusted upstream repository and confirm author/commit history to resolve the metadata mismatch; if you cannot verify provenance, treat the package as untrusted and be conservative about enabling hooks or running scripts that write to your home/workspace.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dvxbecp3td70kjtb57w8d9n835df9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments