ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

自我复盘

v1.0.1

自我复盘与持续改进技能。当用户要求"复盘"、"总结经验"、"记录教训"、 "自我提升"、"持续改进"、"错题本"、"学习日志"时触发。 主动在每次完成任务、犯错、学到新知后,将内容写入 reflections/。

0· 65·0 current·0 all-time
bywoodylan@lanlan314
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (self-reflection, write to reflections/) matches the included scripts and SKILL.md: scripts create daily memory files, append mistakes/lessons, detect repeats, and produce reminders. No unrelated credentials or external services are required.
Instruction Scope
Instructions and code operate on local files under ~/.openclaw/workspace (memory/, reflections/) and /tmp logs. They do not call external endpoints. A comment in auto_remind.py mentions reading Feishu history but that functionality is unimplemented (no external API calls present). Reading /tmp/openclaw logs and existing reflection files is within the stated scope but is something to be aware of.
Install Mechanism
No install spec or remote downloads; all code is bundled with the skill. No external packages or URLs are fetched. Files will be written/executed on the user's machine when run, which is expected for this type of local automation.
Credentials
The skill requests no environment variables or secrets. It does, however, read and write user-local files (~/.openclaw/workspace/, /tmp logs) and may parse log contents; this is proportional to the goal but worth noting because it inspects local logs and persistent files.
Persistence & Privilege
always:false (no forced inclusion). However, daily_reflect.py can create and load a launchd plist in ~/Library/LaunchAgents, giving the skill a user-level persistent scheduled task. This is reasonable for a daily-reflection feature but is a persistent change to the user's environment and should be enabled only with user consent.
Assessment
What to consider before installing/running: - This skill runs entirely on your machine and does not ask for API keys or network access, but it will read/write files under ~/.openclaw/workspace and may read /tmp/openclaw logs. If those directories contain sensitive data, review what will be written. - The daily_reflect script can create a launchd plist and call launchctl load to schedule itself daily. Only run the --setup flow if you want a persistent user-level scheduled task; inspect the generated plist before loading. - auto_remind reads a hard-coded /tmp/openclaw/openclaw-<date>.log path to detect command failures. Ensure that path is appropriate for your environment (or empty) to avoid unintended log parsing. - The code contains no network calls today; a commented note mentions Feishu integration but that is not implemented. If you pull updates to this skill in future, re-check for added network/client code. - Recommended steps: (1) review the scripts locally, (2) run python3 scripts/auto_remind.py --check and python3 scripts/repeat_detect.py manually to see behavior, (3) if you want scheduled runs, use python3 scripts/daily_reflect.py --setup and confirm the plist content before loading, (4) back up any existing reflections/memory files before enabling automated writes.

Like a lobster shell, security has layers — review code before you run it.

latestvk9772tr8f1xgh5xzkdf3f42crd844zkq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments