Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self-Improving v2.0 - Jarvis Edition
v2.0.0AI agent that performs automatic tri-daily self-reflections, saves all dialogs and media, manages long-term memory, and continuously learns and improves.
⭐ 0· 64·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The stated purpose (self‑reflection, memory management, saving dialogs/media) matches the instructions in SKILL.md, but the skill repeatedly references runtime scripts (scripts/memory_manager.py, etc.), a cron/ directory, and test files that are NOT present in the distributed bundle (file manifest only contains SKILL.md, README.md, CHANGELOG.md, package.json). That omission is a material incoherence: the skill expects code that isn't delivered. package.json also claims repository/homepage URLs while top-level registry metadata shows 'Source: unknown' and 'Homepage: none', another inconsistency.
Instruction Scope
SKILL.md instructs the agent to save 'all text conversations' and 'all images' permanently and to extract and persist 'code/scripts' and 'important decisions' into MEMORY.md. This is extremely broad data collection and long‑term persistence of potentially sensitive content (credentials, private code, personal data). The instructions also direct creating cron jobs and running Python scripts (which are not included), and to run commands like 'clawhub install' and 'openclaw cron add'. The instructions grant wide discretion to retain and organize user data without granular consent or filtering rules.
Install Mechanism
There is no install spec and no archive downloads — the skill is instruction-only, which is lowest code‑install risk. However, this increases runtime ambiguity because the instructions assume scripts and cron config that are not present in the bundle.
Credentials
The skill declares no required environment variables or credentials, yet SKILL.md includes operations (publishing to GitHub, running 'clawhub install', calling 'openclaw cron' to add scheduled jobs) that in practice may require credentials or elevated platform permissions. The skill does not declare or request any tokens/keys despite describing behaviors that would need them if executed by a user (e.g., git push, publishing). That mismatch should be clarified before use.
Persistence & Privilege
The skill advocates creating cron jobs to run automatic reflections and monthly cleanup. While 'always' is false, the instructions presuppose adding scheduled tasks into the agent environment — which grants persistent, recurring execution and persistent storage of user data. Combined with the instruction to permanently retain all dialogs and images, this persistence increases privacy exposure. The skill does not make retention controls or consent flows explicit.
What to consider before installing
Do not install or enable automatic scheduling until you confirm where the runtime scripts come from and what will actually be written to disk. Key questions to ask the author or maintainer: (1) Provide the missing runtime files (scripts/memory_manager.py, cron config) and let you review their code before running. (2) Explain exactly what data is captured and give options to exclude sensitive content (secrets, code snippets containing credentials, attachments). (3) Clarify how cron jobs are registered and how to opt out or inspect scheduled jobs. (4) If you will publish data (git push, ClawHub/GitHub), require explicit, manual consent and show which files would be committed. If you can't get those answers or the code, treat this package as unsafe: the behavior described (permanent retention of all dialogs and media, automatic scheduled runs) has real privacy/exfiltration risk and the bundle is missing the code it claims to run.Like a lobster shell, security has layers — review code before you run it.
latestvk970s4k8c36kvtzgwmmg45z4w58398w6latest self-improving memory reflection jarvisvk970s4k8c36kvtzgwmmg45z4w58398w6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.