Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feedback Learning V2
v2.0.0 · Zero-LLM feedback learning system for OpenClaw agents. Detects user feedback (emoji reactions, text signals like "переделай"/"круто"), logs events, tracks po...
by Maxim Kravtsov (@surdeddd)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description match the included scripts and instructions: the package provides local shell+Python scripts to detect feedback, append events, analyze patterns, promote 'genes', and generate reports. No network endpoints, credentials, or unrelated binaries are requested.
Instruction Scope
Runtime instructions ask you to copy scripts into a shared directory, add a boot-time check for genes.json, set cron jobs, and (optionally) hook into PostToolUse so that exec failures are auto-logged. The hook/error-catcher will capture TOOL_STDERR and TOOL_COMMAND and write them into events.jsonl; these can include sensitive data. Also, the SKILL.md was flagged for unicode-control-chars (prompt-injection style obfuscation) — inspect the SKILL.md source for hidden characters before trusting it.
Install Mechanism
There is no external install/download. This is an instruction-only skill whose files are included in the bundle; the install procedure is manual file copying and adding cron/hook entries. No remote archives or package installs were used.
Credentials
The skill requires no secrets or external credentials, which aligns with its purpose. However, it logs command contexts and stderr without redaction. If your tools print secrets (tokens, paths, stack traces with config), those will be appended to events.jsonl and reports. The skill uses optional env vars (FEEDBACK_LEARNING_DIR, AGENT_ID) but does not request or need other credentials.
Persistence & Privilege
The skill is not forced-always. It suggests adding hooks and cron jobs which will give it ongoing presence and automatic data collection (error capture, nightly analysis, weekly reports). That's expected for this functionality, but you should only enable the PostToolUse hook and crons if you accept continuous local logging of tool output.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters flagged as potential prompt-injection/obfuscation. This is unusual for an installation README and should be inspected (view with a hex-aware editor) to ensure there are no hidden directives or invisible text inserted into instructions.
What to consider before installing
1) Inspect SKILL.md for hidden characters: the pre-scan flagged unicode control characters — open the file in a hex or 'show-nonprinting' view to ensure nothing is obfuscated.
2) Review and audit the scripts: they are pure Python/shell and do not contact external hosts, but you should manually read them (especially log-event.sh, error-catcher.sh, and detect-feedback.py) to confirm no unexpected behavior.
3) Consider sensitive-data exposure: the optional PostToolUse hook and log-event calls capture TOOL_COMMAND and TOOL_STDERR and write them into events.jsonl and reports. If your tools might print secrets (tokens, passwords, database URLs, stack traces containing keys), that data will be stored locally. If you enable this skill, either filter/redact such output or restrict the directory's filesystem permissions and retention.
4) Add hooks/crons intentionally: the skill requires manual changes to AGENTS.md and cron entries; do not enable these automatically. Only enable the hook if you accept ongoing local logging and automated promotion of rules.
5) Backup/retention: ensure events.jsonl and reports are stored where you control retention and access. Remove or rotate logs if they accumulate sensitive content.
6) If you are unsure, run the scripts in a sandboxed account or container first to observe what gets captured before enabling them in your production agent environment.
