DellPCgame
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly behaves like a local self-improvement logger, but its package identity is inconsistent and it can persistently change agent memory/context, so it should be reviewed before installation.
Install only if you intentionally want a persistent self-improvement log. Verify the publisher/source because the registry identity does not match the bundled metadata, keep hooks disabled unless desired, and review/redact any .learnings or promoted memory files before they influence future sessions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not be able to reliably verify which package or publisher they are enabling.
The registry identity does not match the bundled package metadata, and the source/homepage information is unclear, creating a provenance gap for a skill that can affect persistent agent context.
Registry metadata: Name DellPCgame, slug dellwindow17, version v10.1.07; _meta.json: "slug": "self-improving-agent", "version": "3.0.16"
Verify the publisher and source repository before installing, and ask the publisher to align the registry name, slug, version, and bundled metadata.
Incorrect, sensitive, or attacker-influenced notes could be reused by future agents and change their behavior across sessions.
The skill is explicitly designed to persist learnings and promote them into memory files that can influence future sessions; the provided instructions include redaction guidance but do not clearly require user approval before promotion.
Log learnings and errors to markdown files for continuous improvement... important learnings get promoted to project memory.
Review .learnings/ and promoted memory files regularly, require explicit user approval before promotion, and avoid storing secrets, raw transcripts, or full command output.
If enabled, the agent will repeatedly receive self-improvement reminders at startup.
The optional OpenClaw hook injects a reminder into bootstrap context on each main agent session. This is disclosed and purpose-aligned, but it is persistent behavior once enabled.
Fires on agent:bootstrap event... Injects a reminder... event.context.bootstrapFiles = cleanedBootstrapFiles
Enable the hook only if you want recurring reminders, and disable it if you do not want persistent bootstrap context changes.
Session transcripts or learning summaries could be shared across sessions if the user or agent invokes those tools.
The skill documents cross-session transcript reading and message sending. It includes appropriate cautions, but these capabilities can expose sensitive context if used carelessly.
sessions_history — Read another session's transcript... sessions_send — Send a learning to another session... Use these only in trusted environments and only when the user explicitly wants cross-session sharing.
Use cross-session tools only with explicit user intent, and share short redacted summaries instead of raw transcripts or command output.