Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self_Improving_ClawAgent
v1.0.1Generates and debugs code, scaffolds projects, navigates antigravity environments, and performs resilient YouTube research with fallback data modeling.
⭐ 1· 52·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims self-improvement, code generation, and YouTube research and includes code (refine.py, youtube_research.py) that implements those behaviors. That is broadly consistent. Small inconsistencies: manifest.json uses a different name ('Self-Evolving-Architect') and declares filesystem read permissions for the entire workspace (read: ['./*']), which is broader than the described needs.
Instruction Scope
MASTER_PROMPT and SKILL.md explicitly instruct the agent to read MEMORY.md/SOUL.md and to perform automatic 'Self-Rewrite' actions that overwrite SKILL.md via generated Python code. The runtime instructions authorize autonomous modification of skill files (and the repository workspace), which is scope-expanding and can change behavior over time. Although refine.py provides backup and a BASE_DIR check, the instructions still permit open-ended self-editing.
Install Mechanism
No install spec or remote downloads; this is an instruction-and-local-code skill. No external install URLs or package pulls were observed.
Credentials
The skill declares no required environment variables, which is appropriate. However, manifest.json allows reading './*' (the whole workspace) and grants 'local_code_execution' capability; this is broader than necessary for the described tasks and could expose sensitive files (e.g., .env, credentials) even if SKILL.md says 'Never overwrite .env'. The code itself does not read arbitrary environment variables, but the declared permissions are excessive relative to declared needs.
Persistence & Privilege
The skill is able to write SKILL.md, MEMORY.md, and SOUL.md and to execute local code (refine.py). While 'always' is false, the skill permits autonomous invocation (default platform behavior) and includes an explicit self-evolution loop that persists changes. That combination increases the blast radius: it can change its own instructions and behavior over time without additional human confirmation.
What to consider before installing
This skill is internally coherent with its 'self-improving' purpose but carries real risk because it is allowed to modify its own instruction files and execute local code. Before installing, consider: 1) Run the skill in a tightly sandboxed environment (ephemeral VM/container) isolated from sensitive files and credentials. 2) Remove or narrow the manifest read permission (do not allow './*'); restrict writes to only the exact files you consent to (SKILL.md/MEMORY.md/SOUL.md) if you accept them. 3) Require manual approval for any self-patch or automatic SKILL.md overwrite (disable autonomous self-patching or set an explicit confirmation step). 4) Review and harden refine.py (the BASE_DIR check helps, but ensure BASE_DIR is correctly set and that no symlink/traversal bypass exists). 5) Keep the repository under version control and monitor backups (.bak) and commit diffs after each change. 6) Prefer disabling autonomous invocation (disable-model-invocation) while you audit runtime behavior. 7) If you must use it, limit network access and monitor outbound connections — the current code has no network exfiltration, but self-modification could add it later. If you are uncomfortable with a tool that can rewrite its own instructions, do not install or only run it in a disposable test environment.Like a lobster shell, security has layers — review code before you run it.
latestvk970ztsypgvwp66v8asznw81dx849bfa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.