Error-Driven Evolution
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and purpose-aligned, but users should notice that it creates persistent lesson files, uses community-sourced rules, and optionally publishes anonymized lessons.
This skill appears safe to install if you want persistent error-to-rule learning. Before using it, decide where lesson files should live, review any community rule files before adding them to startup context, and do not publish lessons unless a human has checked that all sensitive details are removed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future answers or actions may be shaped by whatever is stored in the lesson files.
The skill deliberately creates persistent rules that influence future agent behavior. This is purpose-aligned, but persistent rules can become stale, overly broad, or influenced by bad corrections if not reviewed.
Write it to `lessons.md` in its workspace ... Scan relevant rules **before** future decisions
Keep lessons specific, avoid secrets or personal details, periodically review them, and treat them as guidance that cannot override higher-priority instructions.
Unreviewed community rules could steer the agent in unexpected ways.
The skill asks the user or agent to rely on external community rule files that are not included in the provided package. Because those rules are later scanned on startup, their source and contents should be verified.
Copy `community/top-100.md` to your workspace as `top-100.md` — this is your pre-installed immune system.
Review any downloaded community lesson files before adding them to startup context, and prefer pinned or trusted versions.
If a lesson is shared without careful review, private project details or credentials could be exposed.
The skill includes an optional workflow for sharing lessons publicly. The artifact provides an anonymization checklist, which is a mitigating control, but publication still crosses a data boundary.
Before sharing, strip ALL of these: ... URLs, API keys, tokens, file paths ... any identifiers
Only share lessons with explicit user approval, follow the anonymization checklist, and manually inspect content before opening a PR or issue.