Skill v1.0.0

ClawScan security

My Self Improving · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 1:33 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requested actions (creating and using a local ~/self-improving/ memory directory, reading/writing workspace AGENTS/SOUL/HEARTBEAT snippets, optionally installing a companion skill) match its self-improvement purpose, and there are no unexplained credentials, network installs, or hidden code.
Guidance
This skill appears internally consistent and does what it says: it creates a local memory directory (~/self-improving/), logs corrections and preferences, and updates workspace steering files. Before installing or enabling it, consider:
(1) Inspect the setup and heartbeat snippets to verify the exact edits to AGENTS.md/SOUL.md/HEARTBEAT.md and confirm they are non-destructive.
(2) Understand that learning is stored in plaintext under ~/self-improving/; don't allow sensitive data (credentials, medical, financial, third-party private info) to be written there, and consider file permissions or encryption if required.
(3) The skill may optionally install a companion 'Proactivity' skill over the network, and only with your explicit consent; decline if you don't want additional network installs.
(4) Periodically audit ~/self-improving/ and run the provided 'forget everything' flow if you want to purge learned data.
If you want extra safety, restrict the agent's file-write privileges or test in a sandbox workspace first.

Review Dimensions

Purpose & Capability
ok: Name/description (self-reflection, memory, learning) align with the actual behavior: the skill creates a local memory hierarchy, logs corrections, promotes patterns, and updates workspace steering files. No unrelated credentials/binaries are requested and the only optional external step (installing the 'Proactivity' skill) is explicitly gated on user consent.
Instruction Scope
note: Runtime instructions direct the agent to read and write files under ~/self-improving/ and to non-destructively augment AGENTS.md, SOUL.md, and HEARTBEAT.md in the workspace. This is within the skill's stated purpose, but it does grant the skill persistent local state and the ability to modify workspace config files; review those target files and the exact edits before enabling the skill.
Install Mechanism
ok: There is no install spec and no code files that will be downloaded or executed by the platform; this is an instruction-only skill (lowest install risk). The only network-related action is an optional 'clawhub install proactivity' step that the skill promises to run only after explicit user approval.
Credentials
note: The skill requests no environment variables or credentials, which is appropriate. It does require read/write access to the user's home directory (~/self-improving/) and to workspace files (AGENTS.md, SOUL.md, HEARTBEAT.md); that access is consistent with the skill's purpose but can expose whatever the user places into those files. There is no built-in encryption or access-control guidance beyond 'store with caution' in boundaries.md.
Persistence & Privilege
note: The skill creates and uses persistent local state (memory files) and will load HOT memory at session start. It is not forced into every agent run (always: false). Persistent memory is intended, but users should be aware the agent will retain learned rules across sessions unless explicitly told to forget.