Self Improving Agent 1.0.1
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: self-improving-agent-1-0-1 Version: 1.0.0 The skill includes `scripts/extract-skill.sh` which creates directories and files based on agent/user input, a high-risk capability, even though it's intended for skill creation. Furthermore, the `references/hooks-setup.md` documentation is misleading, stating that 'Scripts only output text; they don't modify files or run commands,' which is contradicted by the file-creating behavior of `extract-skill.sh`. While the skill's overall purpose of agent self-improvement is benign, these risky file system modification capabilities and the lack of transparency about them elevate the classification to suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or poisoned learning could be turned into durable instructions that steer future AI sessions or Copilot behavior.
The targets listed in the same section include CLAUDE.md, AGENTS.md, and .github/copilot-instructions.md, which are persistent instruction/context files. The workflow describes adding or creating them without showing an explicit user confirmation step.
When a learning is broadly applicable (not a one-off fix), promote it to permanent project memory. ... Add to appropriate section in target file (create file if needed)
Require explicit user approval and a visible diff before promoting anything to agent instruction files; keep provenance, make promotions easy to revert, and limit promotions to project-scoped facts.
Private details, credentials, or customer data could be accidentally preserved in .learnings/ if users or agents log raw outputs uncritically.
The logging templates encourage storing detailed operational context in persistent markdown files. This is aligned with the skill's purpose, but error output or parameters can sometimes contain secrets or sensitive project data.
Full context: what happened, what was wrong, what's correct ... Actual error message or output ... Input or parameters used ... Environment details if relevant
Redact secrets and personal data before logging; consider excluding .learnings/ from version control unless intentionally shared.
If enabled globally, the skill can keep injecting self-improvement reminders into future agent sessions even outside the current project.
The optional hook setup can make the reminder script run automatically across sessions. The artifacts disclose that this is opt-in and the provided hook scripts only emit reminders, so this is a persistence note rather than a hidden behavior concern.
Add to `~/.claude/settings.json` for global activation ... command `~/.claude/skills/self-improvement/scripts/activator.sh`
Prefer project-level or minimal hooks unless global behavior is intended, and disable the hook configuration when no longer needed.