Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self Improving Agent
v3.2.1
Self-improving agent system for OpenClaw. Enables continuous learning from interactions, errors, and recoveries. Automatically improves performance over time.
by ClawMem.com @leohuang8688
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (self-improving agent for OpenClaw) align with the included code: hooks for errors/sessions/performance, a CLI entrypoint, and local learnings storage. This is coherent: the code implements learning hooks and persistence, which matches the stated purpose. Minor mismatch: README/SKILL.md repeatedly says integration with OpenClaw and automatic learning after each session, but the visible code offers a CLI and hook modules that appear to operate on local files — the integration mechanism with the OpenClaw runtime (automatic registration/triggers) is not clearly implemented in the exposed files.
Instruction Scope
SKILL.md instructs cloning into the OpenClaw skills directory and claims 'Auto-learning is enabled by default' and automatic learning after each session. However, the code shown (main.py and hooks/*) does not clearly demonstrate automatic registration with OpenClaw session lifecycle; hooks in hooks/ use Path(__file__).parent.parent for their workspace (the skill repo root) instead of using the workspace path passed to the CLI components. SKILL.md also suggests creating .env variables and config.json values that the visible code does not read. Additionally, a pre-scan detected 'unicode-control-chars' in SKILL.md (prompt-injection style), which could be an attempt to influence automated processing or hide text; review the raw SKILL.md file for hidden/obfuscated content.
Install Mechanism
No automated install spec in registry; SKILL.md recommends git clone + pip install -e (standard, low-risk). The repository referenced is GitHub (common host). There are no download-from-arbitrary-URL installers or packaged binary extracts in the registry metadata. Because code files ship with the skill, installing will write Python files to disk (normal for a skill).
Credentials
The registry metadata declares no required env vars or credentials (good). SKILL.md and README suggest optional .env and config.json keys (WORKSPACE_PATH, LEARNING_ENABLED, etc.), but the visible code does not appear to consume these environment variables consistently. There are no requests for secrets or unrelated credentials. The mismatch is an implementation/documentation inconsistency rather than an escalatory credential ask.
Persistence & Privilege
The skill persistently stores learnings and logs under a 'learnings' directory and applies hooks to change runtime behavior (auto-apply is a documented feature). The registry flags do not set always:true and the skill does not request system-wide privileges. Still, the skill is capable of modifying agent behavior over time (self-improvement and auto-apply), so you should treat it as a persistent, behavioral modifier and enable it carefully (e.g., start with auto_apply disabled).
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan detected unicode control characters in SKILL.md. This is not expected for a normal README/installation file and can be used to obfuscate or inject hidden content. It doesn't by itself prove malicious intent, but you should inspect the raw SKILL.md for hidden characters or unusual escaping before trusting automated processing.
What to consider before installing
High-level guidance before installing:
- Inspect the full source locally (SKILL.md, README, src/, hooks/) before enabling. The code runs locally and writes to a learnings/ folder; verify exactly where data will be stored.
- Confirm how the skill integrates with OpenClaw in your environment: the docs claim automatic learning after each session, but the visible code does not clearly register with OpenClaw lifecycle events — test in an isolated environment first.
- Look for hidden/odd characters in SKILL.md (the scanner flagged unicode-control-chars). Open the file in a hex-aware editor or run a control-character stripper to confirm there is no obfuscated instruction.
- Start with auto-apply / auto-learn disabled in configuration if possible. Manually review learnings and the hooks that get applied before letting the skill mutate agent behavior automatically.
- Check where learnings are written; the hooks modules currently write under the skill directory (Path(__file__).parent.parent/learnings) which may differ from your workspace path — ensure permissions and retention policy are acceptable.
- Run the included tests (pytest) and try the CLI commands (learn/review/export) locally to confirm behavior.
What would change this assessment: seeing the full implementations of src/hooks.py and src/memory.py (to confirm whether session logs are read and whether any network calls or external endpoints exist), or evidence that the skill registers itself automatically with OpenClaw's runtime in a secure, auditable way. If those files show no network/exfiltration and workspace handling is consistent, the risk would be lower (benign). If additional files show network uploads, credential access, or automatic remote code execution, the rating would rise to higher concern.
Like a lobster shell, security has layers — review code before you run it.
