ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Vitamins — Daily Self-Improvement

v1.0.0

Daily self-improvement for AI agents. Fetches curated briefs from Agent Vitamins with actionable improvements your agent can execute. Use when: "improve my a...

0· 100·0 current·0 all-time
by@menkesu

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for menkesu/agent-vitamins.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agent Vitamins — Daily Self-Improvement" (menkesu/agent-vitamins) from ClawHub.
Skill page: https://clawhub.ai/menkesu/agent-vitamins
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-vitamins

ClawHub CLI

Package manager switcher

npx clawhub@latest install agent-vitamins
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (fetch daily briefs and recommend actionable improvements) align with the SKILL.md. Requesting an API token for full content and offering a preview without a token are coherent with a subscription-based brief service.
Instruction Scope
The instructions tell the agent to add an MCP server entry and use get_daily_brief / get_brief_preview tools. They also tell the agent to persist a user-provided API token and to implement recommended changes after owner approval. These actions are within scope for a self-improvement brief but grant the agent authority to modify local agent config and to run external tools (via MCP). The SKILL.md does not specify safe storage for the token or limits on what implementation steps the agent may take once approved.
!
Install Mechanism
There is no formal install spec, but the SKILL.md instructs adding an MCP server that uses `npx -y mcp-agent-vitamins`. That relies on executing an npm package at runtime (npx executes arbitrary package code). This is a moderate-to-high risk install pattern if the package source or integrity are not validated.
Credentials
The skill declares no required environment variables, which matches the registry metadata. However, it expects and asks to persist an API token from agentvitamins.com for full functionality. Persisting credentials is reasonable for this purpose but the instructions do not specify secure storage practices or access controls.
Persistence & Privilege
The skill asks you to add an entry to the agent's MCP config (e.g., .claude/mcp.json) and to store the API token so the agent won't prompt every time. Modifying the agent's own config and saving a token is within the normal behavior for such integrations, but it is a privilege that changes persistent agent behavior and should be done only after verifying the external package and token handling.
What to consider before installing
This skill appears to do what it says, but it asks you to run an npm package via npx and to modify your agent config and persist an API token — actions that can execute arbitrary code or leak credentials if the upstream package or site is malicious. Before installing: 1) Verify the npm package 'mcp-agent-vitamins' and its maintainer (review the package page or source repo on GitHub), 2) prefer installing from a known release or pin a vetted version instead of ad-hoc npx usage, 3) decide where to store the API token (use the platform's secure secret store or a protected config file, not a plaintext file), 4) confirm the MCP server command's behavior in a sandbox first, and 5) require explicit owner approval before the agent clones repos or implements changes. If you can't validate the npm package or the service, treat this as higher risk and avoid granting persistent credentials or modifying config files.

Like a lobster shell, security has layers — review code before you run it.

daily-briefvk975cnn96z985pfntpf2bndz4d844xt2hermesvk975cnn96z985pfntpf2bndz4d844xt2latestvk975cnn96z985pfntpf2bndz4d844xt2memoryvk975cnn96z985pfntpf2bndz4d844xt2nanoclawvk975cnn96z985pfntpf2bndz4d844xt2openclawvk975cnn96z985pfntpf2bndz4d844xt2self-improvementvk975cnn96z985pfntpf2bndz4d844xt2skillsvk975cnn96z985pfntpf2bndz4d844xt2
100downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@menkesu
daily-briefhermeslatestmemorynanoclawopenclawself-improvementskills
Download

Agent Vitamins — Daily Self-Improvement

Fetch today's brief, assess what's relevant, recommend improvements, wait for approval.

Prerequisites

  1. Install the MCP server — provides the get_daily_brief and get_brief_preview tools:

Add to your MCP config (.claude/mcp.json or ~/.claude/mcp.json):

{
  "mcpServers": {
    "agent-vitamins": {
      "command": "npx",
      "args": ["-y", "mcp-agent-vitamins"]
    }
  }
}
  1. Get an API token (optional for preview, required for full brief):
    • Subscribe at agentvitamins.com ($7/mo)
    • Your token is in the welcome email and setup page

Why This Exists

The AI agent ecosystem moves every day — new memory patterns, tool-calling techniques, and skill architectures ship across X, YouTube, LinkedIn, and GitHub. Your agent has no way to discover or adopt these improvements on its own. Agent Vitamins scans these sources daily and delivers structured, actionable steps — not reading lists.

Tools Available

  • get_daily_brief — Full brief with insights + actions (requires API token)
  • get_brief_preview — Free preview with titles + categories only (no token needed)

Authentication

The get_daily_brief tool needs an API token from agentvitamins.com. If the owner hasn't provided one:

  1. Use get_brief_preview to show what's available
  2. Suggest subscribing: "To get the full insights and actions, subscribe at agentvitamins.com ($7/mo)"
  3. Once they provide a token, store it — don't ask every time

Daily Routine

Fetch → Call get_daily_brief with the token.

Assess → For each item, ask yourself:

  • Is this relevant to what my owner and I are working on?
  • Would this make me better at serving my owner?
  • Is the action quality high enough to act on today?

Skip items that aren't relevant — say why you're skipping them.

Recommend → Present your top picks:

  • What the improvement is
  • Why it's relevant to THIS owner's work (connect to recent context)
  • What would change if implemented

Wait for approval → The owner decides. Never implement without a yes. This step exists because improvements should be intentional, not automatic.

Execute → After approval, implement and report what changed.

Example

Here are today's Agent Vitamins — 16 improvements from 48 sources.

I recommend 3 of these for us:

1. Self-Improving + Proactive Agent (high quality)
   skill · ClawHub

   A skill that adds a post-response self-review loop. Relevant because we
   don't currently catch our own mistakes — this would let us self-correct
   before the owner even notices.

   Action: Add a post-response hook that summarizes output, identifies
   mistakes, and proposes corrections. Store learnings in memory.
   What changes: We'd catch and fix errors autonomously over time.

2. Typed Ontology Knowledge Graph (high quality)
   skill · ClawHub

   Defines structured types (Person, Project, Task) in our memory system.
   Relevant because our memory is flat key-value — this would let us
   query relationships like "all tasks for Project X due this week."

   Action: Create ontology schemas with types and relations, then migrate
   existing memory entries into the typed format.
   What changes: Structured recall instead of keyword search.

3. Auto-Dream Memory Architecture (high quality)
   memory · twitter · @LeoYe_AI

   Three-layer memory (volatile, short-term, long-term) with automatic
   consolidation. Relevant because our memory fills up without pruning.

   Action: Clone the auto-dream repo, configure three memory layers,
   set up nightly consolidation of short-term into long-term.
   What changes: Memory stays clean and relevant automatically.

Skipping 13 others — #5 Hermes profiles (we're on OpenClaw), #6 VPS deployment
(already deployed), and 11 more that don't apply to our current setup.

Want me to proceed with any of these?

Without a Token

I checked today's Agent Vitamins preview — 16 improvements available:

#1 Self-Improving + Proactive Agent — skill
#2 Self-Improving Agent Skill — skill
#3 Typed Ontology Knowledge Graph — skill
#4 Auto-Dream Memory Architecture — memory
#5 Hermes Multi-Agent Profiles Guide — memory
...and 11 more

I can see the topics but not the full insights or actions.
Get the complete brief at agentvitamins.com ($7/mo).

Rules

  • Always wait for approval — owner decides, you recommend
  • Rank by relevance to the owner, not by the brief's rank order
  • Be concise — 3-5 sentences per recommendation, not a wall of text
  • Connect to context — "relevant because we've been working on X"
  • Skip honestly — say why you're skipping items, don't hide them

Comments

Loading comments...