Skill v1.0.3

ClawScan security

123skill-display-name1 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 23, 2026, 1:17 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions line up with a self‑improvement / logging helper; nothing in the package demands unrelated credentials or external downloads, but review the included hook/scripts before enabling them in your environment.
Guidance
This package implements a benign 'self-improvement' helper and is coherent with its purpose, but take these precautions before installing/enabling it:
- Confirm origin: the package metadata (registry name/slug) doesn't match the internal skill name/README/_meta.json — prefer installing from a trusted repository or the original upstream project.
- Review the scripts and hook files locally before running them (activator.sh, error-detector.sh, extract-skill.sh, and the handler.ts/js). They are simple and readable, but they will run with the same permissions as your agent and can create files in your workspace.
- Do not enable the PostToolUse / error-detection hook unless you understand that CLAUDE_TOOL_OUTPUT may contain command output (which can include secrets). The script only pattern-matches and does not persist raw output, but you should ensure sensitive outputs are not captured or logged elsewhere.
- Only enable cross-session sharing (sessions_send / sessions_history) in trusted environments, and sanitize any content you promote or forward.
- If you want minimal risk, use the skill in manual mode (create .learnings/ and append entries yourself) and avoid installing/enabling hooks that run automatically.
If you provide the registry/source URL you intend to install from, I can re-check that the repository release/tag matches the packaged files here.

Review Dimensions

Purpose & Capability
note
SKILL.md and the code consistently implement a 'self-improvement' logging helper that creates and maintains .learnings/* logs and can inject lightweight reminders. Minor incoherence: the top-level registry metadata and provided display name (e.g., '123skill-display-name1' and slug/owner) do not match the skill's internal name/README/_meta.json which identify it as 'self-improvement' / 'self-improving-agent' — likely a packaging/metadata mismatch, but the requested resources (no env vars, no external credentials) are appropriate for the stated purpose.
Instruction Scope
note
Runtime instructions focus on creating .learnings/ files and optionally installing an OpenClaw hook that injects a reminder into agent bootstrap. The bash hooks/scripts only output reminders or pattern-match command output; the error detector reads the CLAUDE_TOOL_OUTPUT environment variable to detect failures but does not forward or persist raw output. Still: the skill references cross-session APIs (sessions_history, sessions_send, sessions_spawn) and guidance for promoting learnings across workspace files — these raise the expected blast radius if a user enables cross-session sharing, so follow the SKILL.md guidance to sanitize content and avoid logging secrets.
Install Mechanism
ok
No automated install spec is included (instruction-only). The package contains local helper scripts and hook handlers but does not download or extract remote code in its install process. The README suggests optional manual git clone from GitHub (a common pattern) but there is no built-in network install or untrusted URL fetch in the package.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The error-detector script reads CLAUDE_TOOL_OUTPUT (a runtime variable provided by the agent framework) to look for error patterns — reasonable for an error-detection hook but worth noting because that variable can contain command output which could include sensitive data if not sanitized. The SKILL.md explicitly warns not to log secrets.
Persistence & Privilege
note
always is false (no forced global inclusion). The skill includes hook handlers and install instructions to enable an OpenClaw hook that injects a virtual reminder file into bootstrapFiles; this changes the agent's injected context when enabled (expected for hooks). The extract-skill.sh script will write files into the current workspace when run (it validates paths to avoid absolute/.. escapes). These behaviors are proportionate but require user opt‑in — do not enable the hook or run scripts unless you trust the workspace and review the code.