Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self Improving Agent 1.0.1
v1.0.0Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.
⭐ 1· 2.2k·8 current·8 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (capture learnings, errors, promote to project memory) match the delivered artifacts: templates, examples, and three helper scripts (activator, error-detector, extract-skill). Nothing requested (no env vars, no external credentials) appears unrelated to the stated purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to create and append to .learnings/* and to promote learnings into project files (CLAUDE.md, AGENTS.md, .github/copilot-instructions.md). That behaviour is expected for a logging/promote-to-memory skill but it does grant the skill the ability to write project files if a user or agent follows instructions. The hooks guide also suggests editing user-level settings (~/.claude/settings.json) to enable global activation — this is opt-in but expands scope to user-level configuration when enabled.
Install Mechanism
No install spec or remote downloads. The package is instruction-plus-local-scripts only; scripts are simple, contained, and create/modify only local files. No network fetches or archive extraction were found.
Credentials
The skill declares no required environment variables or credentials (appropriate). The error-detector script reads CLAUDE_TOOL_OUTPUT at runtime (not declared in metadata) which is reasonable because it's a hook-runner environment variable provided by the host. Users should confirm their runtime actually provides that variable before enabling the PostToolUse hook.
Persistence & Privilege
always:false (normal). Persistence is achieved only by opt-in edits to project or user-level settings to add hooks. This is expected for a hook-based skill, but editing ~/.claude/settings.json enables global behavior — users should be aware that choosing user-level configuration makes the hooks run across sessions/projects.
Assessment
This skill is coherent with its purpose: it provides templates and small helper scripts to remind the agent to record learnings and to scaffold extracted skills. Before enabling it:
- Review the three scripts (activator.sh, error-detector.sh, extract-skill.sh) — they are small and local; activator only prints a reminder, error-detector inspects the CLAUDE_TOOL_OUTPUT text for error patterns, and extract-skill scaffolds files.
- Enable hooks only where you want them. Prefer project-level configuration (./.claude/settings.json) over user-level (~/.claude/settings.json) if you don't want global activation.
- Expect the skill to instruct the agent to create/append files under the project tree (.learnings/, CLAUDE.md, etc.). Ensure these files won't accidentally capture secrets or sensitive outputs.
- Confirm your runtime provides the CLAUDE_TOOL_OUTPUT environment variable if you enable the PostToolUse hook; otherwise the error-detector will do nothing.
- If you want tighter control, enable only the activator (lighter) and avoid enabling PostToolUse hooks that run after every shell command.
Overall this appears benign and consistent, but only enable it where you trust the agent and repository to accept automated file writes.Like a lobster shell, security has layers — review code before you run it.
latestvk97a43mf81cqprsrwms6a4hap17zx2z3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.