Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self-Improving Operations
v1.1.0Captures process bottlenecks, incident patterns, capacity issues, automation gaps, SLA breaches, and toil accumulation to enable continuous operations improv...
⭐ 0· 49·0 current·0 all-time
byJosé I. O.@jose-compu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (capture operations learnings, promote runbooks) align with the included code: reminder activator, error detector, and helpers to scaffold skills. However the registry metadata claims 'instruction-only / no install spec', yet the package contains executable hook code and scripts — an inconsistency in packaging that should be clarified.
Instruction Scope
Runtime instructions and code inject a reminder into agent bootstrap (virtual file) and optionally register hooks that run on UserPromptSubmit and PostToolUse. The PostToolUse error-detector reads CLAUDE_TOOL_OUTPUT (an environment variable containing tool output) to detect errors. While the scripts state 'never log secrets' and output only reminders, this creates a prompt-injection / context-injection surface at agent bootstrap and a path for reading tool output — both can expose sensitive context if misconfigured. The instructions also tell users to copy hooks into ~/.openclaw/hooks and to create ~/.openclaw/workspace/.learnings, which modifies agent workspace configuration.
Install Mechanism
No network downloads or package-manager installs. Installation is manual (git clone or clawdHub). Scripts and hook handlers are local files; no external URLs or extraction from unknown hosts. This is lower risk than remote installs, but the presence of executable hooks means install-time actions (copy + enable) will alter agent runtime.
Credentials
The skill declares no required env vars or credentials, which is consistent with its purpose. However scripts reference CLAUDE_TOOL_OUTPUT (not declared in metadata) to inspect command/tool output; that env var can contain sensitive output from tools. The skill recommends redaction but does not enforce it programmatically.
Persistence & Privilege
always: false (no forced inclusion). The hook injects a virtual bootstrap file on agent startup and suggests enabling an OpenClaw hook — this grants persistent influence over agent sessions while enabled. No settings modify other skills or system-wide configs beyond copying files into ~/.openclaw, but enabling hooks does change agent behavior and is an elevated action that should be opt-in and reviewed.
What to consider before installing
This skill appears to do what it says (remind you to capture operations learnings and scaffold runbooks), but it includes executable hooks that inject content into every agent session and a PostToolUse detector that reads tool output. Before installing or enabling hooks:
- Inspect the hook files (hooks/openclaw/handler.{js,ts}) and scripts to confirm their exact behavior — they only inject reminders, but review the code yourself.
- Avoid enabling PostToolUse if your tool outputs may contain secrets or customer data, or run it in a restricted/staging environment first.
- Keep installation manual and opt-in: copy hooks only if you understand the agent-level effect and have permission to modify ~/.openclaw/hooks and workspace files.
- Consider running the scripts in an isolated account or container first to verify file writes and outputs.
- Ask the publisher to correct metadata (it says 'instruction-only' but includes hooks/scripts) and to explicitly document that CLAUDE_TOOL_OUTPUT is used and how to sanitize it. If you lack the ability to audit code, do not enable the bootstrap or PostToolUse hooks in production.Like a lobster shell, security has layers — review code before you run it.
latestvk973ghkfpwgcs4g6e2sshw36f584tdxw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.