自我提升助手
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is review-worthy because it tries to remember every skill interaction and automatically change other skills, but it does not clearly limit what it records or edits.
Install only if you are comfortable with a skill that can persist lessons across sessions and potentially edit other skills. Keep optional hooks/background workflows disabled until you review them, require diffs before any skill changes, and periodically inspect or clear the memory files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change installed skill guidance or related code based on inferred lessons from unrelated sessions, affecting future behavior without a clear approval checkpoint.
The skill combines broad local read/write/shell authority with an automatic workflow to update skills after any skill completes.
"allowed-tools: Read, Write, Edit, Bash, Grep, Glob, WebSearch" and "after_complete | Any skill completes | Extract patterns, update skills"
Require explicit user approval and a visible diff before any Write/Edit/Bash action that modifies skills or code; limit editable paths and provide rollback instructions.
Sensitive project details, mistakes, or untrusted outputs from one task could be retained and later influence unrelated tasks or skill behavior.
The skill is designed to store and reuse broad cross-session experience data in persistent memory.
"This agent learns from every skill interaction" and "~/.claude/memory/ ... semantic/ ... episodic/ ... working/"
Make memory collection opt-in, scope it to user-selected projects or skills, add redaction/exclusion rules, and provide a simple way to inspect, delete, or disable stored memory.
Commands, file contents, or accidental secrets could appear in terminal/session logs even though no external exfiltration endpoint is shown.
If hooks are enabled, raw tool inputs such as shell commands or write/edit payloads are printed to logs without redaction.
echo "[self-improving-agent] Input: ${tool_input}" >&2Do not log raw tool inputs or outputs by default; redact secrets, truncate large payloads, and require explicit opt-in for detailed logging.
A mistaken or poisoned lesson from one session could spread into several skills and degrade future planning, debugging, review, or security guidance.
The evolution matrix shows that one learned pattern can be propagated into multiple other skills.
"UI/UX spec issue | prd-planner, architecting-solutions | High | Add visual spec requirements"
Apply learned changes one skill at a time, validate them with tests or human review, and keep versioned backups so bad updates can be reverted.
If the background workflow is enabled, the skill may operate after unrelated tasks, making it harder for users to know when learning, logging, or edits are happening.
The design includes background invocation after any skill run, even though the OpenClaw hook support note suggests this may require extra integration.
"Any Skill Run -> workflow-orchestrator -> self-improving-agent (background) -> create-pr (ask_first) -> session-logger (auto)"
Keep background hooks disabled unless explicitly needed, show a clear notification when the skill runs, and provide per-session opt-out and stop controls.