Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
hermes-learning-loop
v1.0.0融合 Hermes Agent 自我进化理念的增强技能。 将 Hermes Agent 的核心差异化能力(自学习闭环、自动技能沉淀、经验驱动的迭代优化) 内化为 OpenClaw 环境下的可执行工作方法。 触发场景:完成复杂任务后自动复盘沉淀、定期技能优化审查、从错误中提取经验。
⭐ 0· 49·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (implementing a Hermes-style learning loop) aligns with the actions described: reading/writing memory files (memory/*.md, MEMORY.md), evaluating patterns, and extracting skills (skills/*.md). No unrelated external credentials, binaries, or install steps are requested, so required capabilities are proportionate to the stated goal.
Instruction Scope
SKILL.md explicitly instructs the agent to write logs to memory/YYYY-MM-DD.md, update MEMORY.md, evaluate and create or update skills (skills/*.md), and run periodic 'skill audits' during Heartbeat. These instructions grant the agent broad discretion to modify the agent's persistent data and skill files. The doc also references internal tools (memory_search, lcm_grep, lcm_expand, SkillHub CLI, exec) without declaring them; if those tools allow shell execution or network actions, they widen the surface. There are no instructions to transmit data externally, but the scope of file writes and autonomous edits is significant.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes supply-chain risk — nothing is downloaded or executed from an external URL as part of installation.
Credentials
The skill does not request environment variables, credentials, or config paths. However, it assumes access to internal storage (memory/, skills/) and to helper tools (memory_search, lcm_grep/lcm_expand, SkillHub CLI, exec). Those assumed capabilities are reasonable for a learning-loop skill, but they are not explicitly declared in metadata.
Persistence & Privilege
Although always:false, the skill expects to run periodic Heartbeat review tasks and to autonomously create or update SKILL.md files in skills/, modifying the agent's set of skills and persistent memories. The guidance to 'consider creating independent SKILL.md' effectively allows the agent to add/modify skills; per evaluation rules, that crosses into modifying other skills/system state and should be constrained or guarded by user approval.
What to consider before installing
This skill is mostly coherent with a "self-learning" purpose, but it gives the agent authority to write and change persistent memory and skill files and to perform periodic, autonomous reviews. Before enabling it: (1) decide whether you trust the agent to create or modify skills and memory without explicit approval; (2) back up your skills/ memory directories so you can recover unintended edits; (3) consider requiring a manual confirmation step before any new SKILL.md is created or before MEMORY.md is modified; (4) ask the skill author to clarify which internal tools (memory_search, lcm_grep, lcm_expand, exec, SkillHub CLI) will be used and whether any of them invoke shell/network actions; (5) limit autonomous invocation or Heartbeat execution if you want to prevent periodic automatic changes. If you cannot accept autonomous edits to skills/memory, treat this skill as unsuitable or require modifications to add explicit user approval gates.Like a lobster shell, security has layers — review code before you run it.
latestvk973cmpzmbg7cq33d002vftv1h84tqp7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧬 Clawdis