Self Improving Agent
ReviewAudited by ClawScan on May 18, 2026.
Overview
The skill is mostly transparent, but it can persist changes to future-agent memory and instruction files without clear approval, sanitization, or cleanup boundaries.
Install only if you want an agent to keep learning logs and reminders. Before enabling hooks or allowing promotion into AGENTS.md, SOUL.md, TOOLS.md, CLAUDE.md, or Copilot instructions, decide what may be recorded, require review before promotion, and avoid storing secrets or private transcript details.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect, private, or poisoned learnings could become standing instructions for future agents and influence later work.
The skill directs the agent to move learnings into persistent instruction/context files that future sessions may trust, but the artifacts do not define approval, sanitization, retention, or rollback controls.
Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md` ... Workflow improvements | Promote to `AGENTS.md` ... Tool gotchas | Promote to `TOOLS.md` ... Behavioral patterns | Promote to `SOUL.md`
Require explicit user approval before promotion, sanitize secrets and sensitive context, keep entries scoped, and provide an easy way to review and remove promoted learnings.
Learnings or transcript excerpts could be shared across sessions more broadly than intended.
The skill documents cross-session transcript access, message sending, and sub-agent spawning for sharing learnings. This is purpose-aligned, but it is sensitive and lacks detailed identity, consent, and data-boundary guidance.
sessions_history — Read another session's transcript ... sessions_send — Send a learning to another session ... sessions_spawn — Spawn a sub-agent for background work
Use cross-session tools only with user intent, avoid sharing secrets or private transcript details, and clarify which sessions or agents may receive learnings.
The agent will keep receiving the self-improvement reminder at startup until the hook is disabled.
The optional hook persistently injects a reminder into agent bootstrap context. It is disclosed and limited to reminders, but it changes future session context once enabled.
if (event.type !== 'agent' || event.action !== 'bootstrap') { return; } ... event.context.bootstrapFiles.push({ path: 'SELF_IMPROVEMENT_REMINDER.md', content: REMINDER_CONTENT, virtual: true })Enable the hook only if desired, review the injected reminder content, and document how to disable or remove the hook.
If configured, local scripts run automatically during agent operation with the same permissions as the agent runtime.
The documented optional hook setup runs local shell scripts on prompt submission and after Bash tool use. The supplied scripts only print reminders or inspect an environment variable, so this appears purpose-aligned.
"UserPromptSubmit" ... "command": "./skills/self-improvement/scripts/activator.sh" ... "PostToolUse" ... "command": "./skills/self-improvement/scripts/error-detector.sh"
Review the scripts before enabling hooks, keep paths pinned to the reviewed files, and avoid enabling modified or untrusted hook scripts.
It may be harder to confirm that this package is the intended release from the expected publisher.
The registry metadata is sparse and differs from the bundled _meta.json, which identifies slug `self-improving-agent` and version `3.0.4`. This is a provenance/versioning ambiguity, not direct malicious behavior.
Source: unknown; Homepage: none; Slug: test-skill-delete-me; Version: 1.0.0
Verify the publisher and intended package name/version before installation, especially because the skill can affect persistent agent context.