my-test-2
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears purpose-aligned and not overtly malicious, but it can persist agent learnings into future prompt/instruction files and recommends cross-session tools without clear approval boundaries.
Review this skill before installing if you do not want the agent to create long-lived memories or modify future agent instructions. If you use it, keep learnings scoped, avoid storing secrets or sensitive command output, require approval before promoting entries to CLAUDE.md/AGENTS.md/SOUL.md/TOOLS.md or Copilot instructions, and be cautious with cross-session transcript or sub-agent features.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect, sensitive, or prompt-like content captured as a learning could affect future sessions or other agents that load these files.
The skill directs the agent to persist learnings into files that become future context/instructions, but the provided instructions do not clearly require user approval, redaction, expiry, or review before promotion.
Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md` ... OpenClaw injects these files into every session
Require explicit user approval before promoting learnings to persistent instruction files, redact secrets and private data, and periodically review or prune stored memories.
A session could read or share information from another session, or start background work, in ways the user may not expect.
The skill recommends cross-session transcript access, messaging, and sub-agent spawning, but does not define recipient identity checks, data boundaries, or approval requirements.
sessions_history — Read another session's transcript; sessions_send — Send a learning to another session; sessions_spawn — Spawn a sub-agent for background work
Use these cross-session tools only with explicit user permission, limit transcript access to necessary excerpts, and avoid sending secrets or private project details between sessions.
If enabled, hook scripts will run during agent events with the same local permissions as the agent environment.
The documentation shows optional event hooks that execute local shell scripts on prompt submission or after Bash tool use. The included scripts appear to output reminders and read tool output for error patterns, which is purpose-aligned, but it is still automatic local execution once enabled.
"UserPromptSubmit" ... "command": "./skills/self-improvement/scripts/activator.sh" ... "PostToolUse" ... "command": "./skills/self-improvement/scripts/error-detector.sh"
Enable hooks only if you want this behavior, review the scripts before enabling them, and disable the hook if the recurring reminders are not needed.
Future sessions may be nudged to log or promote learnings even when the user did not ask for that in the current task.
The OpenClaw hook injects a virtual reminder at agent bootstrap. This is disclosed and limited to reminder text, but it is persistent session-start behavior once the hook is installed and enabled.
if (event.type !== 'agent' || event.action !== 'bootstrap') ... event.context.bootstrapFiles.push({ path: 'SELF_IMPROVEMENT_REMINDER.md', content: REMINDER_CONTENT, virtual: true })Treat the hook as opt-in persistent behavior; enable it only for workspaces where ongoing self-improvement logging is desired.
Users may be unsure whether this package is the same skill advertised by the registry entry or a repackaged copy.
The packaged metadata identifies a different slug/version than the registry entry under review, and the SKILL.md install examples also reference `self-improving-agent`. This looks like a provenance or repackaging mismatch rather than direct malicious behavior.
"slug": "self-improving-agent", "version": "1.0.11"
Verify the package source and intended skill identity before enabling hooks or relying on persistent behavior.