v1.0.0

Self Improving Agent 3.0.6

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

The skill is coherent for self-improvement, but it asks the agent to write persistent memory and prompt files that are injected into future sessions and can be shared across sessions, so it needs careful review before installation.

Guidance: Install only if you are comfortable with the agent keeping long-term learning files that may influence future sessions. Review every promoted memory or instruction change, avoid logging secrets or private transcript details, and be cautious with the optional hook and inter-session sharing features.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
Optional: Enable Hook ... For automatic reminders at session start: cp -r hooks/openclaw ~/.openclaw/hooks/self-improvement ... openclaw hooks enable self-improvement

The hook is described as optional and purpose-aligned, but it creates persistent automatic behavior at session start.

User impact: If enabled, the skill may keep influencing new sessions through startup reminders even when the user did not manually invoke it.
Recommendation: Enable the hook only if you want persistent startup behavior, and review/disable the hook if the reminders or memory behavior become unwanted.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
git clone https://github.com/peterskoett/self-improving-agent.git ~/.openclaw/skills/self-improving-agent

The provided artifact is instruction-only, but its manual setup points to an external repository and optional hook/assets paths that are not present in the reviewed artifact set.

User impact: Installing from the external repository or enabling hooks may introduce files that were not part of this review.
Recommendation: Verify the external repository, inspect any hook files before enabling them, and prefer pinned or trusted sources for installation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High; Confidence: High; Status: Concern
SKILL.md
OpenClaw injects these files into every session: ... AGENTS.md ... SOUL.md ... TOOLS.md ... MEMORY.md ... .learnings/

The skill stores learnings in files that become persistent context for future sessions, so incorrect, sensitive, or maliciously influenced entries could be reused by the agent later.

User impact: Future agent sessions may follow stale, wrong, or overly broad instructions, and private details logged once may continue to appear in later context.
Recommendation: Only allow promotion to persistent memory or agent instruction files after review, and keep sensitive details, credentials, and private conversation content out of these files.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Review and promote broadly applicable learnings to: CLAUDE.md ... AGENTS.md ... .github/copilot-instructions.md

The skill directs the agent to move learned content into project-level instruction files used by other agents, without an explicit approval or retention boundary.

User impact: A temporary correction or error detail could become a durable instruction that changes behavior across the project or is later picked up by other coding assistants.
Recommendation: Require explicit user approval before editing CLAUDE.md, AGENTS.md, Copilot instructions, SOUL.md, TOOLS.md, or other persistent prompt files.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
sessions_history — Read another session's transcript; sessions_send — Send a learning to another session; sessions_spawn — Spawn a sub-agent for background work

The skill references reading transcripts and sending information between sessions, but does not define identity, consent, redaction, or data-boundary controls.

User impact: Conversation history or learned details from one session could be exposed to another session or agent unexpectedly.
Recommendation: Use inter-session tools only with clear user approval, avoid sending sensitive transcript content, and confirm the target session or agent before sharing.