v0.1.0

Self Improvement

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:06 AM.

Analysis

The skill is transparent and not destructive, but it asks the agent to persist and promote learned content into future agent instruction files without clear approval or sanitization boundaries.

Guidance: Install only if you are comfortable with an agent maintaining persistent learning files. Before enabling hooks or promotion workflows, require user review for any changes to CLAUDE.md, AGENTS.md, SOUL.md, TOOLS.md, MEMORY.md, or Copilot instructions, and redact sensitive information from learning entries.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
references/hooks-setup.md
UserPromptSubmit ... command: ./skills/self-improvement/scripts/activator.sh ... PostToolUse (Bash) ... command: ./skills/self-improvement/scripts/error-detector.sh

The optional hook setup runs local shell scripts on prompt submission and after Bash tool use. The included scripts only emit reminders or inspect command output patterns, so this is purpose-aligned but still automatic lifecycle execution.

User impact: If enabled, the skill will automatically add reminder context during sessions and inspect Bash output for errors.
Recommendation: Enable hooks only if you want this automatic behavior, review the scripts before enabling them, and keep the hook configuration easy to disable.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none

The registry metadata does not identify a trusted source or homepage, while the package includes optional scripts and hooks. The provided code is reviewable here, but provenance remains limited.

User impact: Users have less provenance information to rely on before enabling hooks or installing updates.
Recommendation: Verify the package source and maintainer before enabling hooks or updating the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Broadly applicable learning | Promote to `CLAUDE.md`, `AGENTS.md`, and/or `.github/copilot-instructions.md` ... Behavioral patterns | Promote to `SOUL.md`

The skill encourages moving captured learnings into persistent agent instruction/context files, but the artifact does not require explicit user approval, diff review, sanitization, or expiration before those entries affect future sessions.

User impact: A mistaken, sensitive, or maliciously influenced learning from one session could become durable guidance that future agents follow.
Recommendation: Require explicit user approval before promoting learnings into agent instruction files, review diffs, redact secrets, and keep promoted entries narrow and reversible.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Full context: what happened, what was wrong, what's correct

The logging format asks for detailed context in persistent learning files. That is purpose-aligned, but detailed errors, corrections, or API failures can accidentally capture secrets or private project information.

User impact: Sensitive details could be saved in local markdown files and later reused, promoted, or committed by accident.
Recommendation: Add and follow redaction rules for tokens, passwords, customer data, private URLs, and proprietary details before writing learning entries.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
sessions_history — Read another session's transcript ... sessions_send — Send a learning to another session ... sessions_spawn — Spawn a sub-agent for background work

The skill documents cross-session transcript reading, message sending, and sub-agent spawning. This is disclosed and related to sharing learnings, but the artifact does not define identity checks, data minimization, or user-approval boundaries.

User impact: Another session's private transcript or sensitive task context could be read or shared more broadly than intended.
Recommendation: Use cross-session tools only with user approval, verify the target session, share the minimum necessary information, and avoid sending secrets.