Reflect

v2.1.0

Self-improvement through conversation analysis. Extracts learnings from corrections and success patterns, proposes updates to agent files or creates new skil...

by Steven Gonsalvez (@stevengonsalvez)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included scripts and docs: detecting signals, proposing edits, creating new skills, and updating agent files. However, the skill declares no env/credentials while expecting to read and modify ~/.claude agents, create files under ~/.claude/.skills and run git — a high-privilege scope that is functionally justified by the purpose but broader than many users may expect.
Instruction Scope
SKILL.md and scripts explicitly instruct reading transcripts, scanning logs, writing learnings, creating skills under .claude/skills, and running git add/commit via Edit/Bash tools. That behavior is consistent with the stated goal but grants the skill permission to permanently change many user/global agent files and state. The skill also provides hook installation that can trigger auto-reflect on context compaction — potentially altering behavior across sessions.
Install Mechanism
No external install spec or remote downloads are used; this is an instruction-plus-local-scripts package. Scripts list a Python dependency (pyyaml) but there is no automated installer that fetches arbitrary remote code. This lowers some install risk, though the shipped scripts will execute locally.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However it expects access to user files and directories (e.g., ~/.claude/, ~/.reflect/, .claude/skills/) and to run shell commands. Those accesses are necessary to implement its purpose but are high-privilege and should be explicitly accepted by the user.
Persistence & Privilege
always:false (good), but the skill is designed to make permanent edits to global agent files, create skills, and commit them to git. It also includes optional hooks that can run on PreCompact events and an 'auto-reflect' mode that can be enabled. These capabilities give it long-term, cross-session impact, so enablement and human approval processes should be reviewed before allowing it to run with write/edit privileges.
Scan Findings in Context
[base64-block] unexpected: Pre-scan flagged a potential prompt-injection pattern inside SKILL.md. The skill's content and scripts appear to be normal for a reflection tool, so this may be a false positive, but it warrants manual inspection of SKILL.md and any templating to ensure no hidden/encoded blocks or injection vectors are present.
What to consider before installing
This skill can read session transcripts and permanently edit your agent files (e.g., ~/.claude/agents, .claude/skills) and commit changes. Before installing, do the following:
(1) Inspect the included scripts (signal_detector.py, output_generator.py, state_manager.py, precompact_reflect.py) to confirm they do only what you expect.
(2) Check scripts/logs/chat.json — it appears a conversation log is packaged; ensure it contains no sensitive data.
(3) Back up ~/.claude and any agent files you care about.
(4) Don't enable auto-reflect or install hooks until you trust the code; prefer manual /reflect reviews first.
(5) Run the scripts in a sandbox or with reduced permissions to observe behavior.
(6) If you allow commits, verify it will not push to remote repos or leak data externally.
If you want, I can highlight specific lines in the scripts that implement file writes, git commits, or reading of transcript/log files for a more detailed audit.

Like a lobster shell, security has layers — review code before you run it.
