v1.0.0-alpha

Auto Improving Agent

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:25 AM.

Analysis

The skill is coherent and purpose-aligned, but it persistently writes local learning files and injects a bootstrap reminder that users should understand before enabling.

Guidance: This skill does not show exfiltration, credential use, or unrelated system access. Install it if you want an agent to maintain local learning notes, but periodically inspect `.learnings/`, avoid logging secrets, and use dry-run or backups before retention sweeps delete entries.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Low, Confidence: High, Status: Note
SKILL.md
## Automated triggers

These fire without user prompting: ... Run this sweep during heartbeat maintenance (every ~3 days)

The skill discloses autonomous logging and periodic retention behavior. It is purpose-aligned, but it means the agent may update persistent learning files without a direct user prompt.

User impact: The agent may add, archive, or remove local learning entries as part of normal operation.
Recommendation: Enable this only if you want autonomous learning-file maintenance, and keep the behavior scoped to the intended workspace files.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
scripts/retention_scorer.py
# "delete" entries are simply dropped ... learnings_path.write_text("\n".join(header_lines + keep_lines) + "\n")

The retention helper can rewrite `.learnings/LEARNINGS.md` and drop entries classified for deletion. This is disclosed and scoped, but it is still local file mutation.

User impact: Useful learning entries could be removed if the heuristic scoring is wrong or run too aggressively.
Recommendation: Run the scorer with `--dry-run` first or keep `.learnings/` under version control/backups before applying retention decisions.

Agentic Supply Chain Vulnerabilities
Severity: Info, Confidence: High, Status: Note
metadata
No install spec — this is an instruction-only skill. ... Code file presence: 4 code file(s): hooks/openclaw/handler.js ... scripts/retention_scorer.py

The registry-level install description understates that executable hook/script files are included. The files are provided for review and appear purpose-aligned, so this is a metadata/provenance note rather than a behavioral concern.

User impact: Users expecting a purely instruction-only skill may not realize it includes a bootstrap hook and local script.
Recommendation: Review the included hook and script before enabling; the publisher should declare hook/script capabilities more explicitly.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium, Confidence: High, Status: Note
SKILL.md
`.learnings/LEARNINGS.md` — corrections, env configs, reusable fixes, architecture decisions ... `Cross-session pattern detection`: When `memory_search` returns a daily note describing a workaround ... log it.

The skill persistently stores corrections, environment details, and cross-session discoveries for future reuse, which is central to the skill but can shape later agent behavior.

User impact: Incorrect, outdated, or overly private entries could persist and influence future sessions.
Recommendation: Review `.learnings/` periodically, avoid storing secrets or sensitive personal details, and require user review before promoting entries into broader behavior files.