ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Reflect Temp

v1.0.0

Self-improvement through conversation analysis. Extracts learnings from corrections and success patterns, permanently encoding them into agent definitions. P...

0· 84·1 current·1 all-time
by@mmyg11
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (persisting conversation learnings into agent definitions) aligns with the runtime instructions which read, propose diffs, and write agent files. However, the registry metadata declares no required config paths or credentials while the SKILL.md explicitly targets many user and project paths (e.g., ~/.claude/, ~/.claude/agents/, .claude/skills/, ~/.reflect/). The skill therefore assumes filesystem access that is not declared in its metadata — a mismatch the user should be aware of.
!
Instruction Scope
SKILL.md instructs scanning conversation logs, mapping signals to agent files, generating diffs, and applying edits (creating/updating SKILL.md and agent files). It also requires reading/writing user-level and project-level configuration (examples reference ~/.claude, project .claude paths, and ~/.reflect state). While it documents a human-in-the-loop review step, the skill also provides an 'auto-reflect' mode (toggleable via 'reflect on') and default settings that mention auto_reflect — the interplay is ambiguous: the guardrail 'NEVER apply changes without explicit user approval' conflicts with an explicit auto-reflect feature and the capacity to auto-create/update files. Allowed-tools include Bash, Edit, Write, Read, Glob, Grep — these enable broad filesystem and shell actions, so absence of clearer constraints is concerning.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; that minimizes installer risk because nothing is downloaded or executed at install time. The highest-risk runtime capability comes from the allowed runtime tools and the instructions, not from an install step.
!
Credentials
The skill requests no credentials or environment variables in metadata, but SKILL.md refers to an optional REFLECT_STATE_DIR environment variable and expects to write to ~/.reflect and various ~/.claude and project-level files. Declaring no required config paths while the instructions assume write access to many user and repo locations is a proportionality mismatch. There are no secrets requested, which is appropriate, but the filesystem access scope is broad relative to the metadata.
Persistence & Privilege
The skill is not forced always-on (always:false) and does not declare elevated privileges. However, by design it persists changes to user and project agent files and keeps state in ~/.reflect. That persistence is coherent with its purpose, but combined with broad allowed-tools (Bash, Edit, Write) it gives the skill potential to make permanent, cross-session modifications — so you should treat it like a tool that can modify your configuration and codebase and restrict/monitor it accordingly.
What to consider before installing
Before installing: 1) Expect this skill to read and write files under your home and project (~/.claude, .claude/, and a state dir ~/.reflect). Back up those directories or run in a disposable environment. 2) The SKILL.md promises a human-in-the-loop review but also exposes an "auto-reflect" mode — confirm default auto_reflect is disabled and test with auto-reflect turned off until you trust its proposals. 3) Review agent_mappings.md and signal_patterns.md to understand what textual cues will become rules (regexes can create false positives). 4) Limit its state dir by setting REFLECT_STATE_DIR to a sandbox path and ensure your VCS is enabled (so you can revert commits it makes). 5) Because allowed-tools include Bash/Edit, monitor the first few runs, require diffs before applying, and only enable automatic application after you’re confident. If you cannot or do not want the skill to edit global agent files, do not install or run it in a project where those paths are writable by the agent.

Like a lobster shell, security has layers — review code before you run it.

Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
Config requirements
State dirs~/.reflect
latestvk97edygxbmtnazcycvargne2h9839kt0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🪞 Clawdis

Comments