Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
daily-introspection
v1.0.3
Autonomous daily self-introspection and self-improvement for OpenClaw agents. Automatically reviews daily conversation logs, identifies mistakes and improvem...
by xRay @raydoomed
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (autonomous introspection and promotion of lessons) aligns with the files and actions described (reading daily logs, .learnings, producing introspection records and promoting rules). No unrelated environment variables or external services are requested. However, promoting rules into AGENTS.md / MEMORY.md / TOOLS.md is a high-impact capability; while coherent with 'self-improvement', it should be justified and constrained.
Instruction Scope
SKILL.md and the scripts instruct reading many internal workspace files (memory/YYYY-MM-DD.md, .learnings/*, SESSION-STATE.md, HEARTBEAT.md, etc.) which is consistent with introspection. The concerning part: the workflow explicitly directs promotions to permanent system files (AGENTS.md / MEMORY.md / TOOLS.md) and mandates automatic verification after writing. The two included scripts themselves only collect inputs and do not implement promotions — the LLM/agent is expected to perform the writes. There are no explicit safeguards, content validation steps, authorization checks, or human approval gates for modifying these core files. The cron/system-event snippets instruct writing outputs and performing promotions, further enabling autonomous modification. This grants the skill broad discretionary power to change critical agent behavior.
Install Mechanism
No install spec, no external downloads, and only two small included scripts — low install risk. Nothing is written to disk by an external installer; the scripts are plain Python and operate on local workspace files.
Credentials
The skill requests no credentials and no special environment variables beyond optionally using OPENCLAW_WORKSPACE (defaulting to ~/.openclaw/workspace). The file accesses are relevant to the stated purpose. There are no network endpoints or secret exfiltration steps in the provided files.
Persistence & Privilege
always:false (good) and no extra privileges declared; however the skill's runtime instructions and cron entries enable autonomous, persistent edits to system files (AGENTS.md / MEMORY.md / TOOLS.md). Even without always:true, normal autonomous invocation plus the ability to write core rule files creates a large blast radius. The scripts rely on the agent/LLM to perform promotions and writes; without checks this allows persistent, potentially unsafe behavioral changes.
What to consider before installing
This skill will read your agent's internal logs and .learnings and is explicitly designed to promote 'mature' lessons into permanent system files (AGENTS.md, MEMORY.md, TOOLS.md). That is powerful: it can change how your agent behaves going forward. Before installing, consider:
1) Run it in a sandbox/test workspace first and back up AGENTS.md/MEMORY.md/TOOLS.md.
2) Disable autonomous promotions or require a human approval step for all promotions (the skill currently has no approval gate).
3) Restrict file permissions so the skill/agent cannot write those system files unless explicitly allowed.
4) Add validation/audit logging to any promotion step (diffs, signatures, and an explicit confirmation).
5) Note the scripts collect inputs but rely on the LLM/agent to perform writes — inspect actual LLM outputs and deployment hooks before allowing automatic promotions.
If you cannot enforce an approval process, treat this skill as high-risk.
Like a lobster shell, security has layers — review code before you run it.
