Skill v1.0.0

ClawScan security

123123123123 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 7:33 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This is a coherent 'self-improvement' skill: its docs, helper scripts, and OpenClaw hook all align with logging learnings/errors locally and injecting a lightweight reminder at bootstrap; it does not request external credentials or perform network downloads.
Guidance
This skill appears to do what it claims: locally capture learnings and inject lightweight reminders. Before enabling, verify the scripts (activator.sh, error-detector.sh, extract-skill.sh) and hook handler to ensure you are comfortable with their behavior. Specific recommendations:

- Only enable the OpenClaw hook if you trust the workspace and agent environment (enabling injects a reminder file into every bootstrap session).
- Be cautious enabling the PostToolUse (error detector) hook: it examines CLAUDE_TOOL_OUTPUT (command/tool output). Do not enable it in contexts where sensitive command output might be present unless you are confident about redaction policies.
- Keep the explicit guidance in SKILL.md in mind: do not log secrets, tokens, private keys, full transcripts, or raw config dumps into .learnings/ unless the user explicitly requests it.
- Check file permissions (chmod +x for scripts) and the paths used when running extract-skill to avoid accidental writes outside your intended workspace.
- The registry slug/name mismatch is cosmetic; if provenance matters, prefer installing from the original GitHub repo referenced in the README and verify the repository contents yourself.

Review Dimensions

Purpose & Capability
ok: The SKILL.md, hook handlers, and helper scripts all implement a self-improvement workflow (creating .learnings/, reminders, error detection, and a skill extraction helper). The registry metadata name/slug appear numeric and don't match the SKILL.md 'self-improvement' name, but this is a bookkeeping mismatch rather than a capability mismatch.
Instruction Scope
note: Instructions are scoped to creating/maintaining .learnings/ files, injecting a bootstrap reminder, and optionally running local scripts (activator, error detector, extract-skill). The error detector reads the CLAUDE_TOOL_OUTPUT environment variable to decide whether to show a reminder; SKILL.md warns not to record secrets and to prefer redacted summaries. The hook injects a virtual reminder file at agent bootstrap (expected behavior for a hook).
Install Mechanism
ok: There is no remote install/download step in the bundle. All scripts and hook code are shipped with the skill, and the README suggests cloning from GitHub or copying files into ~/.openclaw/. No archives or external executables are fetched at install time.
Credentials
note: The skill declares no required env vars or credentials, which matches its benign design. However, the error-detector script relies on the CLAUDE_TOOL_OUTPUT environment variable at runtime; this env var is referenced in documentation but not listed as an explicit required env var. CLAUDE_TOOL_OUTPUT may contain command output, so users should be aware that enabling the PostToolUse hook lets the script inspect that output (the script does not exfiltrate it; it only pattern-matches and prints a short reminder).
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable. The hook code injects a virtual reminder during agent bootstrap if the hook is enabled; enabling the hook is opt-in and requires copying/enabling files in the user hooks directory. The skill does not modify other skills' configs or request permanent elevated privileges.