Self Improving Agent
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is not clearly malicious, but it automatically creates persistent learning memory and can reapply it across future sessions, so it needs review before use.
Install only if you want persistent self-improvement memory. Before enabling automatic mode, inspect the source and hooks, disable auto_apply/apply_on_startup until you trust the stored learnings, avoid using it with highly sensitive sessions, and make sure you know how to review and delete the learning files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive interaction details could be retained locally and influence future sessions, and a bad or manipulated learning could persist across tasks.
The skill explicitly stores derived conversation and user-preference data as persistent memory, which can later be reused by the agent.
Session Learning ... Learns from: Conversation patterns, user preferences ... Stored in: `learnings/sessions.json`
Disable or gate auto-learning/auto-apply by default, review stored learnings before reuse, sanitize error/session data, and provide clear retention and deletion controls.
A mistaken, low-quality, or poisoned learning from one interaction could affect later work until the user finds and removes it.
The recommended automated workflow can carry a learned behavior from one session into future startup and session flows without a clearly documented containment or review step.
"auto_learn": true, "auto_apply": true, "learn_after_session": true, "apply_on_startup": true
Require explicit user approval before applying new learnings, add rollback/reset controls, and separate experimental learnings from trusted production behavior.
Hook files can change agent behavior and, depending on implementation, may execute Python code during normal runs.
The hook system is purpose-aligned, but auto-loading and applying hook code from a workspace path is a powerful mechanism that users should inspect before enabling.
hooks.apply_all() # Apply all hooks ... "auto_load": true, "custom_hooks_path": "./hooks"
Inspect all hook files, avoid enabling untrusted custom hook paths, and prefer an allowlist or approval prompt before hooks run automatically.
Users may have to rely on an external repository or local code review to know exactly what is being installed and run.
The registry metadata does not provide a clear trusted source or install contract, while the artifacts include code and documentation for cloning/installing a Python package.
Source: unknown; Homepage: none; Install specifications: No install spec
Install only from a trusted, reviewed source; verify the repository and dependencies; and prefer a declared, reproducible install specification.