Reflect
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: reflect-learn Version: 2.1.0 The skill is designed for agent self-improvement, allowing it to analyze conversations, propose updates to its own configuration files, and create new skills. While this involves powerful capabilities like modifying agent files, creating new skill definitions, and using the `Bash` tool, the `SKILL.md` explicitly outlines strong safety guardrails, including mandatory human approval for all proposed changes, Git versioning for easy rollbacks, and incremental updates. The Python scripts handle file operations within expected `.claude/` and `~/.reflect/` directories, and there is no evidence of data exfiltration, unauthorized persistence, or malicious execution beyond the stated purpose. The instructions themselves do not contain prompt injection attempts to bypass security or hide actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the skill can change agent instructions, create new skill files, and commit those changes to a repository.
The skill can edit files and create git commits after approval. This is aligned with its purpose, but it is high-impact local mutation authority.
On `Y` (approve): 1. Apply each change using Edit tool 2. Run `git add` on modified files 3. Commit with generated message
Review every proposed diff before approving; use selective approval for uncertain changes and keep changes under version control.
Conversation details and corrections may be stored locally and reused to shape future assistant behavior.
The learnings log is designed to persist exact conversation quotes, which can include sensitive user content or instructions that later influence agent behavior.
source_quote: type: string description: Exact quote from the conversation
Avoid approving learnings that include secrets, private data, or overly broad instructions; periodically review and prune the learnings log.
If configured, the hook may run automatically during compaction and create local reflection output/logs.
The skill provides optional hook-based behavior that can run during context compaction. It is disclosed and user-enabled, but it is persistent automation.
Auto-Reflection Automatically creates reflection output file when context compacts... Note: Auto-reflection only runs if you've enabled it with `/reflect on`.
Only install the hook if you want automatic reflection, and leave auto-reflection off unless you are comfortable with background local logging/output generation.
Using the hook may require external Python tooling and package resolution not reflected in the registry metadata.
The optional hook uses uv script execution and an unpinned PyYAML dependency, while registry requirements declare no required binaries. This is a dependency/provenance note, not evidence of malicious behavior.
#!/usr/bin/env -S uv run --script # dependencies = [ # "pyyaml", # ]
Verify the local script path and dependency source before enabling the hook; consider pinning dependencies if you rely on it.