v1.0.0

AANA Continuous Self-Improvement Skill

Benign. ClawScan verdict for this skill. Analyzed May 2, 2026, 8:19 PM.

Analysis

This instruction-only skill appears benign: it guides the agent to improve workflows while requiring approval before lasting memory, tool, policy, or permission changes.

Guidance: This skill is reasonable to install if you want structured agent self-review. Be careful when approving anything that affects future behavior, memory, files, tools, policies, or external checker sharing, and keep review payloads redacted.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
SKILL.md
Apply: only apply low-risk improvements inside the current task. Ask before storing or reusing any improvement later.

The skill is designed to improve future behavior, but it clearly gates any stored or reused improvement behind user approval.

User impact: If you approve future reuse or memory, the agent may change how it handles later tasks based on prior observations.
Recommendation: Only approve specific, non-sensitive workflow improvements, and avoid storing private details or broad behavioral rules.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
SKILL.md
When using a configured AANA checker, send only a minimal redacted review payload. Prefer summaries over raw private content

The skill allows an optional configured checker to receive review summaries, but it requires redaction and excludes secrets and unnecessary private data.

User impact: Task summaries or improvement summaries could be shared with an approved checker if one is configured.
Recommendation: Use only trusted checker integrations and verify that payloads are redacted before sharing.