Self Reflection 1.1.1
v1.0.0Continuous self-improvement through structured reflection and memory
⭐ 0· 364·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims a simple reflection/notes function and only requires small tooling (jq, date). Those requirements are proportionate. However, the SKILL.md and README repeatedly reference a CLI binary (bin/self-reflection) and provide installation steps (git clone, ln -s) even though the registry package contains no code files or install spec — the skill as published is instruction-only but documents a CLI that is not present in the bundle.
Instruction Scope
Runtime instructions are limited to checking/reading/writing local state and a workspace markdown memory file and to integrating with OpenClaw heartbeat. There are no instructions to transmit data externally or to access unrelated system credentials. The only data reads/writes are config/state/memory files under the user's home or workspace, which is consistent with the stated purpose.
Install Mechanism
No install spec is included in the registry (lowest risk), but the README instructs users to git clone a GitHub repo and symlink a binary. If a user follows those manual install steps they will execute code fetched from an external repository. The registry package itself does not provide that code; the manual-install instructions point to a public GitHub URL (author: hopyky).
Credentials
The skill requests no environment variables or external credentials. The file paths it asks to read/write (~/workspace/memory/self-review.md and ~/.openclaw/*) are proportionate to a local memory/state feature.
Persistence & Privilege
always is false and the skill does not demand permanent/global privileges. It asks the operator to add a heartbeat entry to the OpenClaw config to enable periodic invocation; that is a user-controlled configuration change rather than an automatic escalation. No other skills or system-wide settings are modified by the instructions as published.
What to consider before installing
This skill's behavior (local reflection, reading/writing a memory file, and being triggered by OpenClaw heartbeats) matches its description and requests no credentials, which is good. However, the package as published is instruction-only and repeatedly references a CLI binary (bin/self-reflection) that is not included. Before installing or enabling automated heartbeats you should:
- Verify the implementation: ask the publisher for the CLI source or inspect the GitHub repo referenced in the README (https://github.com/hopyky/self-reflection). Review the actual script under bin/self-reflection before running it.
- Confirm provenance: the registry ownerId in the package metadata does not match the _meta.json ownerId; confirm you are fetching the repository you expect and from the intended author.
- If you will run the git clone/install steps, review the cloned files and the self-reflection script for behaviors like network calls, exec of arbitrary commands, or unexpected file writes before running or symlinking the binary.
- If you want to allow autonomous heartbeat invocation, only enable it after verifying the binary's code. If you cannot verify the implementation, treat this package as documentation only and do not add the heartbeat entry or run the described binary.
Providing the actual CLI script (or a proper install spec) would raise confidence to "high"; without that, the missing implementation is the primary coherence problem.Like a lobster shell, security has layers — review code before you run it.
latestvk97asmk2v2jw0yzvp2sr7cx64x826n67
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🪞 Clawdis
Binsjq, date