ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hermes Learning Loop

v1.0.0

Self-improving learning loop inspired by Hermes Agent. Automatically extracts successful workflows, creates skills, and persists knowledge across sessions.

0· 40·0 current·0 all-time
by陈子昂@mystour
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md implement a learning loop that inspects recent tasks, extracts workflows, writes MEMORY.md/USER.md entries and generates SKILL.md files under a skills directory. Those capabilities align with the stated purpose (self-improving agent and skill creation).
!
Instruction Scope
Instructions and the script direct the agent to read session data, evaluate and persist curated memories, and create skill files. The SKILL.md explicitly references using a 'system prompt' for reflection (prompt injection pattern detected). The agent is given broad discretion to decide what to persist, which risks storing sensitive context. The script also references loading sessions and recent tasks (getRecentTasks/loadSession) — those functions are truncated in the provided listing; you should verify they don't read arbitrary files or external endpoints.
Install Mechanism
No install spec or external downloads are present; the skill is instruction-only plus an included JS script. Nothing in the manifest attempts to fetch remote archives or run third-party installers.
Credentials
The skill requests no credentials and only mentions non-sensitive environment variables (nudge interval, min tool calls, skills dir, auto-create). These settings are proportionate to its task. It uses the workspace and a .openclaw directory to store state; that is expected but worth noting because it writes to user files.
!
Persistence & Privilege
The skill intentionally writes new SKILL.md files into the user's skills directory (~/.openclaw/skills or configurable LEARNING_SKILLS_DIR) and persists state in .openclaw/.learning-state.json. Creating or updating other skill files is powerful: if AUTO_CREATE is enabled (configurable via env), the skill can persist new skills without interactive approval. Combined with the prompt-override pattern, this raises the possibility of persistent, self-propagating behavior that should be reviewed.
Scan Findings in Context
[system-prompt-override] unexpected: SKILL.md and architecture text include lines like 'System prompt: "Reflect on recent activity"' and the pre-scan flagged a system-prompt-override pattern. While internal reflection prompts are relevant to a learning loop, instructions that override or set system-level prompts are sensitive because they can change high-privilege agent behavior. Verify what the code actually does with prompts and ensure it does not replace or persist system prompts globally.
What to consider before installing
This skill mostly does what it says (extracts workflows and writes skill files), but there are two things to check before installing: (1) prompt-override risk — the SKILL.md contains text flagged as 'system-prompt-override'; review the JS to confirm it does not set or persist system-level prompts or otherwise inject prompts into privileged contexts; (2) persistence into skills dir — the script writes SKILL.md files into ~/.openclaw/skills (or a configured directory) and can auto-create skills if AUTO_CREATE is enabled. To reduce risk: run the skill in a sandboxed workspace first (set OPENCLAW_WORKSPACE to an isolated folder), set LEARNING_AUTO_CREATE=false, set LEARNING_SKILLS_DIR to a non-global path you control, inspect loadSession/getRecentTasks implementations to ensure they don't read arbitrary files or call external endpoints, and review any generated SKILL.md files before placing them into your real skills directory. If you are not comfortable auditing the code, avoid installing or only use it in an isolated environment.
!
SKILL.md:80
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

automationvk97ehger639fvdgb59j8w4tsxh844brghermesvk97ehger639fvdgb59j8w4tsxh844brglatestvk97ehger639fvdgb59j8w4tsxh844brglearningvk97ehger639fvdgb59j8w4tsxh844brgself-improvementvk97ehger639fvdgb59j8w4tsxh844brg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments