self-evalutaed-agent
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is not obviously malicious, but it sets up persistent self-improvement automation that can convert workspace errors into future agent tasks without clear review boundaries.
Before installing, decide whether you are comfortable with a scheduled self-improvement loop modifying OpenClaw memory and backlog files. Verify the source, restrict workspace write access, review generated tasks before any Agent PM executes them, and avoid enabling cron until you have tested the workflow safely.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad or attacker-influenced error entry could become a persistent backlog task or research note that later agents treat as trusted instructions.
The cycle turns log-selected topics into persistent research/backlog text. Because those topics are derived from error/circuit/backlog analysis and no sanitization or review step is shown, untrusted or malformed operational content can become future agent context.
topic = run_topic_selector(errors_found)
...
### From Log Analysis: {topic['topic']}
...
with open(backlog_file, 'w') as f:
f.write(content + task)Treat log-derived task text as untrusted, sanitize or quote it, and require user review before adding generated tasks to shared backlog or memory.
One noisy or poisoned input could propagate into repeated backlog work or automated changes by another agent.
The documented workflow chains detected errors into generated tasks and then into another agent's execution queue, without describing containment or a mandatory approval boundary.
- **Auto-Trigger**: Automatically runs when new errors are detected ... 5. **Execution**: Backlog Agent PM executes tasks sorted by impact
Keep generated backlog items in a pending-review area, require explicit approval before Agent PM execution, and run changes in a safe/staging environment first.
If enabled, the skill can keep modifying workspace research/backlog state on a schedule even when the user is not actively invoking it.
The skill documents a daily scheduled run. This is disclosed and user-directed, but it creates background autonomous behavior if the user installs the cron entry.
## Cron Integration Add to your cron jobs: ... "schedule": "0 10 * * *", "command": "python3 skills/self-improving-agent/scripts/self_improvement_cycle.py"
Only add the cron job if you want ongoing automation, monitor its outputs, and keep an easy removal/disable path.
If the workspace script path is replaced or writable by an untrusted party, the scheduled trigger could run unintended local code.
The auto-trigger executes a local Python script when new errors are found. This is central to the skill's purpose and uses an argument list rather than shell expansion, but it still depends on the configured workspace script path being trusted.
result = subprocess.run(
['python3', script_path],
capture_output=True,
text=True,
timeout=120,
cwd=WORKSPACE
)Keep the OpenClaw workspace and scripts directory writable only by trusted users, and verify the script path before enabling automated triggers.
A user may install code from an external repository or copy scripts into a privileged workspace without registry-managed pinning or verification.
The README provides manual external clone/copy installation instructions, while the registry view has no install spec. This is not inherently malicious, but provenance and installed contents need user verification.
git clone https://github.com/mopga/self-improving-agent.git cd self-improving-agent # Copy scripts to your OpenClaw workspace cp -r scripts/* /root/.openclaw/workspace/scripts/
Install only from a trusted, reviewed source and compare copied scripts with the reviewed artifacts before running or scheduling them.