Self Improving Compound
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Corrections, preferences, and lessons may persist across sessions and shape future agent behavior.
The skill is explicitly designed to persist lessons and load active memory in future sessions; this is purpose-aligned but should be understood before enabling it.
If yes, “search existing learnings first, then log the lesson before replying” ... “HOT tier (always loaded)”
Review stored memory periodically, keep entries concise and verified, and avoid recording secrets or sensitive personal/project data.
If the post-error hook is enabled, sensitive command output, tokens, or untrusted error text could be saved into durable memory and later reused as context.
The hook appends the raw ERROR_DETAIL argument directly into the persistent corrections log, with no visible redaction or Markdown escaping in the provided hook.
printf "| %s | %s | %s | %s | | ⏳ pending |\n" "$ID" "$TODAY" "$ERROR_TYPE" "$ERROR_DETAIL" >> "$CORRECTIONS_FILE"
Disable the automatic error hook unless needed, or change it to call a redaction/escaping path and require user review before persisting detailed error output.
A secret accidentally included in a learning entry may be preserved in the workspace memory instead of being removed.
For standalone AWS/OpenAI-style key patterns, the first capture group is the secret itself, and the replacement keeps \1, so those secrets would remain in the redacted text if this function is used on log content.
re.compile(r'(?i)(AKIA[0-9A-Z]{16})' ...), re.compile(r'(?i)(sk-[a-zA-Z0-9]{20,})' ...); text = pattern.sub(r'\1[REDACTED]', text)Fix redaction tests so full-secret matches are replaced with only [REDACTED], and avoid logging any secrets until that behavior is verified.
A malformed or manipulated skill name containing path separators or traversal could create or overwrite files outside the intended skills subdirectory, including persistent agent instruction files.
The user-provided skill name is used directly in the output path for a persistent SKILL.md file; the script does not show slug validation or a path containment check.
SKILL_NAME="${1:-}" ... SKILL_DIR="$WORKSPACE_ROOT/skills/$SKILL_NAME" ... cat > "$SKILL_DIR/SKILL.md"Validate skill names with a strict slug pattern, resolve the final path and ensure it stays under the intended skills directory, and avoid overwriting existing files without explicit approval.