Self Improving Agent
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: self-improvement Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'self-improvement' is classified as benign. Its purpose is to enable an AI agent to log learnings, errors, and feature requests into markdown files for continuous improvement. All scripts (`activator.sh`, `error-detector.sh`, `extract-skill.sh`) and hook handlers (`hooks/openclaw/handler.js/.ts`) are well-contained and perform actions strictly aligned with this purpose. Notably, `extract-skill.sh` includes robust validation to prevent directory traversal (`..`) and absolute path usage, ensuring files are created only within the intended skill directory. The instructions in `SKILL.md` and other documentation guide the agent in managing its internal knowledge and using platform-provided tools (e.g., `sessions_list`, `grep`) without any evidence of malicious intent, data exfiltration, or unauthorized actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future sessions may use saved learnings as guidance, so inaccurate or sensitive entries could affect later answers or workflows.
The skill intentionally stores and promotes learnings into files that can influence future agent behavior. This is central to the skill, but persistent instructions can carry forward mistakes, overbroad rules, or private context.
| Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md` |
Review learning entries before promoting them to persistent instruction files, and avoid logging secrets, credentials, private transcripts, or overly broad behavioral rules.
Learnings or transcript content could be shared across sessions or delegated to sub-agents if the user or agent uses these tools.
The documentation describes reading other session transcripts, sending messages to sessions, and spawning sub-agents. This is disclosed as OpenClaw integration behavior, but cross-session context can contain sensitive or unrelated information.
sessions_history(sessionKey="session-id", limit=50) ... sessions_send(sessionKey="session-id", message="Learning: API requires X-Custom-Header") ... sessions_spawn(task="Research X and report back", label="research")
Only share minimal learning summaries across sessions, confirm the target session, and avoid sending sensitive transcript details unless explicitly intended.
If enabled, the agent will receive self-improvement reminders at startup, which may slightly steer future sessions toward logging learnings.
The optional hook injects a virtual reminder into agent bootstrap context. The hook is disclosed and opt-in, but it is persistent behavior once enabled.
event.context.bootstrapFiles.push({ path: 'SELF_IMPROVEMENT_REMINDER.md', content: REMINDER_CONTENT, virtual: true })Enable the hook only if you want persistent reminders, and disable it if it becomes intrusive or causes unwanted logging behavior.
It may be harder to verify exactly which package identity or version this artifact represents.
The bundled metadata differs from the supplied registry metadata, which lists a different owner ID, slug, and version. This does not show malicious behavior, but it creates a provenance/versioning ambiguity.
"ownerId": "kn70cjr952qdec1nx70zs6wefn7ynq2t", "slug": "self-improving-agent", "version": "1.0.11"
Confirm the intended package identity and source before relying on updates or installing from the referenced GitHub/manual path.