ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LessonLoop

v0.1.0

Lightweight experience-capture and behavior-hardening for Goat. Use when the user explicitly gives corrective feedback, says to remember or avoid something,...

0· 93·0 current·0 all-time
by@stevengaojn2010
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the included scripts and references: classification, compression, daily memory writes, logging, and reporting. One minor mismatch: SKILL.md recommends a local/Ollama first-pass but the skill declares no required binary or environment variable for Ollama; this is an optional/local optimization, not required for core functionality.
Instruction Scope
Runtime instructions and the provided scripts operate within the described scope (classify feedback, append compact lessons to daily memory, log events, produce short reports). They perform filesystem writes under a workspace path and will change behavior in-session after writing memory. Nothing in SKILL.md instructs reading unrelated system secrets or network exfiltration.
Install Mechanism
No install spec is provided (instruction-only plus included scripts). No external downloads or package installs are requested, which reduces install-time risk.
Credentials
The skill requires no environment variables or credentials. The scripts use a workspace path (default /Users/steven/.openclaw/workspace) but do not request secrets or external tokens.
Persistence & Privilege
The skill writes persistent files to disk (daily memory files and jsonl logs) under the agent workspace. It does not request always:true or attempt to modify other skills' configs, but it will persist data across sessions and thus has a normal level of persistence; verify that this behavior is acceptable for your environment.
Assessment
What to check before installing: - Be aware the skill will create and append files in a workspace directory (default: /Users/steven/.openclaw/workspace). If that path is not appropriate, either change the scripts or pass a different --workspace when invoked. - Review the scripts (capture_lesson.py, log_lesson_event.py, lessonloop_report.py, lesson_gate.py). They only perform local file I/O and simple text/json processing — no network calls — but you should confirm the exact filesystem locations and permissions. - If you plan to use the 'local/Ollama first-pass' behavior, ensure your environment actually has Ollama or a compatible local model; the skill does not declare or install that binary. - Consider running the skill in a sandbox or with limited filesystem access first to verify it writes only the files you expect, and scan memory files for any sensitive content before persisting. - If you do not want durable on-disk memory, ensure the agent invokes these scripts with a temporary workspace or does not call them. - Overall, the skill is coherent with its stated purpose, but double-check workspace paths and file persistence before enabling it.

Like a lobster shell, security has layers — review code before you run it.

latestvk971y8zqg8jf58rfa40zr3snxd83cvj3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments