Self-Improving Coding Skill
v1.0.0Captures lint errors, type mismatches, runtime bugs, anti-patterns, refactoring opportunities, language idiom gaps, debugging insights, and tooling issues to...
⭐ 0· 20·0 current·0 all-time
byJosé I. O.@jose-compu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (capture lint/type/runtime learnings and promote them) matches the included scripts, templates, and hook handlers. Minor mismatch: SKILL.md includes a manual git clone URL pointing to a GitHub repo (https://github.com/jose-compu/...) even though the skill bundle contains the code — cloning an external repo is optional but references an external source of code not otherwise required for operation.
Instruction Scope
Runtime instructions and helper scripts are narrowly scoped: they create/ensure .learnings/ files, append structured learning entries, inject a lightweight reminder into agent bootstrap, and detect error output. The SKILL.md explicitly warns not to log secrets. The hook injection (adding a virtual bootstrap file) and the error-detector reading of tooling output are the only cross-cutting behaviors and are consistent with the stated purpose.
Install Mechanism
There is no automatic install spec or remote download in the package. All helper scripts and hook handlers are bundled as code files (no external extract/download). The only remote install hint is an optional manual git clone URL in documentation; that is informational rather than required by the package itself.
Credentials
The skill does not request credentials or declare required env vars. One script (scripts/error-detector.sh) reads CLAUDE_TOOL_OUTPUT from the environment — this is platform-provided output and not a secret credential, but it is an environment access the SKILL.md does not explicitly list. No other secrets or unrelated credentials are requested.
Persistence & Privilege
The skill is not always-on and is user-invocable by default. Enabling the optional hook will inject a virtual reminder file into agent bootstrap (this is by-design for OpenClaw hooks). Hooks and scripts run with the agent's permissions, so enabling them gives the skill the ability to write to the workspace (e.g., create .learnings/ files) — appropriate for its purpose but worth noting before enabling globally.
Assessment
This package appears internally consistent with its purpose: it creates/maintains .learnings/ files, injects lightweight reminders at agent bootstrap, and offers optional hooks to detect tool output. Before enabling or installing: (1) review the bundled scripts (scripts/*.sh) and hook handlers to confirm you’re comfortable with them writing to your workspace; (2) do not enable the PostToolUse error-detector globally unless you trust the agent runtime to provide CLAUDE_TOOL_OUTPUT locally — it can expose command outputs; (3) never log secrets, tokens, or private keys into .learnings/ (the README already warns this); (4) prefer the listed package installer (ClawdHub) or using the included files rather than blindly running a git clone from an unknown remote; (5) if you enable the OpenClaw hook, enable it selectively (per-project or with matcher filters) rather than globally so injection only occurs for coding sessions you intend to monitor.Like a lobster shell, security has layers — review code before you run it.
latestvk979d4mf10ykaydp2mqrktbdq984sgff
License
MIT-0
Free to use, modify, and redistribute. No attribution required.