Metaskill

Key points to consider before installing or running Metaskill: - Metadata mismatch: The registry says no env vars are required, but the code expects API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY) or a local Ollama server. Ask the publisher to correct the metadata or be prepared to set these env vars if you want full LLM functionality. - Data sent to external LLMs: When the scripts run in LLM mode they send error descriptions and excerpts of your LEARNINGS.md to third-party services (Anthropic, OpenAI, Google generative API) or to a local Ollama instance. If those messages may contain sensitive information, prefer using a local Ollama model or run in manual/fallback mode. - File writes and cross-skill access: The skill will create and append files under your OpenClaw workspace, including writing into skills/self-improving-agent/.learnings/ if that directory exists. Back up any important learnings before running; review file paths in the scripts if you want different locations. - Audit and test: Review or run the scripts in a sandboxed test workspace first. If you want to be extra cautious, run with environment variables unset to force offline/manual behavior, or configure providers in config.yaml to use a local Ollama instance. - Trust & provenance: The source/homepage are unknown and the owner is an unfamiliar ID. If you require strong provenance, request publisher information or prefer skills from known sources. What would make this benign: updating the registry metadata to list optional/required env vars, and explicit documentation of data flows (what is sent to LLMs). If you cannot confirm provenance or cannot tolerate sending learning content to remote LLMs, do not enable LLM mode and/or run in an isolated workspace.