Skill v2.0.0

ClawScan security

Self-Improving Agent (Anti-Loop Hardened) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 6:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements, instructions, and included scripts are coherent with its stated purpose of capturing learnings and errors; it does not request unrelated credentials or perform hidden network installs, but enabling its hooks at a global/user level increases how often its scripts will run and should be done deliberately.
Guidance
This skill appears coherent and implements what it claims: it logs learnings/errors into workspace files and provides safe guardrails to avoid feedback loops. Before installing or enabling hooks globally, review the provided scripts (activator.sh, error-detector.sh, extract-skill.sh) to confirm you’re comfortable with them running automatically in your environment. Prefer project-level hook configuration rather than user-global hooks if you want to limit how often these scripts run. Confirm the .learnings directory location and file permissions, and note that the scripts expect OpenClaw/Claude hook context (e.g., CLAUDE_TOOL_OUTPUT). If you need tighter control, keep the skill installed but only run it manually or enable hooks with restrictive matchers so it doesn't trigger on every prompt or tool use.

Review Dimensions

Purpose & Capability
ok
Name/description match what the files do: capture learnings/errors and append them to .learnings/*.md. Included scripts and hook handlers support that purpose (injecting bootstrap reminders, detecting command errors, scaffolding extracted skills). No unrelated credentials, binaries, or remote downloads are required.
Instruction Scope
note
SKILL.md instructs the agent to append entries to workspace files (.learnings/{LEARNINGS,ERRORS,FEATURE_REQUESTS}.md) and enforces tight guardrails (one learning per user message, max 3 tool calls, no chaining, cooldown). That scope is appropriate. Note: various reference docs describe OpenClaw APIs (sessions_list/history/send/spawn) and configuring hooks; those are advisory but could expand agent behavior if users adopt them. The skill itself does not automatically read/write unrelated system files or request secrets.
Install Mechanism
ok
No remote install downloads or package installs are declared — this is an instruction-and-script bundle. The included shell scripts and hook handlers are local files that would be copied into the user's skills/hooks directories when installed. No extract-from-remote URLs or archives are used.
Credentials
ok
The skill declares no required env vars or credentials. The hook scripts reference CLAUDE_TOOL_OUTPUT (expected in the hook context) and event/context objects provided by OpenClaw; these are reasonable and proportionate to detecting errors and injecting bootstrap reminders. No secrets or unrelated env vars are requested.
Persistence & Privilege
note
always:false (default), and the skill is user-invocable. However, the documentation encourages installing hooks (activator/error-detector) at project or user level; enabling user-level hooks means the scripts will run automatically with the agent's permissions whenever those events fire. This is normal for hooks but is a persistence/automation point the user should deliberate before enabling globally.