Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Auto Improver Pro
v1.0.0 · Auto-improving AI skill that learns from every execution and continuously optimizes itself. 17-minute autonomous loop with feedback collection and pattern ex...
⭐ 0 · 35 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill advertises an autonomous, 17-minute self-improvement loop that reads execution history and modifies/optimizes other skills, but the registry metadata lists no install spec, no required binaries, no env vars, and no required config paths. package.json is present and references main: src/index.js and a clawhub slug (auto-improver-pagoda) that does not match the registry slug (auto-improver-pro), yet no src files are included. These mismatches are inconsistent with the claimed capability (which would normally need code, installation, and access to execution logs/configs).
Instruction Scope
SKILL.md explicitly instructs running shell commands (clawhub install, self-improving-skill start/status/inspect) and lists tools Read/Write/Bash/Exec. It also claims to collect past execution data and user feedback and to 'automatically execute optimizations' — actions that imply access to files, skill definitions, and possibly networked data. None of the data sources, file paths, or credentials required for those actions are declared. The instructions are broad and grant the agent discretion to install and run software and to access local data without specifying safeguards or where data is stored/encrypted.
Install Mechanism
No formal install spec is registered (instruction-only), yet SKILL.md tells users/agents to run 'clawhub install' and run a binary named self-improving-skill. That implies a network install step outside the registry's install metadata. package.json indicates a Node entry point (src/index.js) but that code is absent from the package manifest. The lack of an explicit, auditable install source (release URL, trusted registry link) increases risk because the installer could fetch arbitrary code.
Credentials
The skill requests no environment variables or credentials in registry metadata, but its behavior (reading execution histories, analyzing user feedback, modifying other skills) inherently requires access to user data and possibly credentials. The SKILL.md's claim of 'local encryption' and 'sensitive information automatic masking' is unsubstantiated: there is no description of key management or where encrypted data is stored. The mismatch between claimed data access and declared zero required env/config is a red flag.
Persistence & Privilege
The skill describes an autonomous 17-minute recurring loop and lists Bash/Exec tools — behavior that normally requires installing a background process or scheduler. While always:false and normal autonomous invocation are set, the instructions encourage installing a runtime (clawhub install) which could create persistent processes. The combination of suggested installation + shell execution + data access without declared limits raises the risk of unwanted persistent activity.
What to consider before installing
Do not install or run this skill yet. Ask the publisher for: (1) the full source code (src/index.js and all runtime files) and a verifiable install URL or package release; (2) an explicit install spec and list of endpoints the installer will contact; (3) exact data sources, file paths, and credential requirements (how it reads execution history and feedback); (4) details on encryption/key management and where data is stored; (5) clarification of the slug/author mismatch in package.json. If you must test, run it in a tightly sandboxed environment or container with no network access, and do not grant Read/Write/Bash/Exec tools or any sensitive credentials. Prefer a security review or reproducible build from a trusted repository before granting broader privileges.

Like a lobster shell, security has layers — review code before you run it.
