v2.0.0

Feedback Learning V2

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:51 AM.

Analysis

The skill appears locally focused and purpose-aligned, but it creates persistent learned rules and logs command errors that can influence future agents, so it should be reviewed before installation.

Guidance: Install this only if you want a persistent local learning layer for agents. Before enabling hooks or cron jobs, choose a private learning directory, restrict file permissions, avoid logging secrets, periodically review events.jsonl, reports, and genes.json, and require human review for newly promoted rules.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Set up crons ... payload: python3 ~/.openclaw/shared/learning/analyze-patterns.py ... payload: python3 ~/.openclaw/shared/learning/weekly-report.py

The skill documents scheduled background processing and an optional PostToolUse hook; this is disclosed and purpose-aligned, but it means the system keeps operating after initial setup.

User impact: If enabled, the skill will continue analyzing logs and producing reports on a schedule, and the hook can continue logging failed Bash tool use.
Recommendation: Enable only the cron jobs and hooks you actually want, document them, and remove or disable them when you no longer want ongoing learning behavior.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
auto-promotes structured rules ... Before tasks: check `$FEEDBACK_LEARNING_DIR/genes.json` for applicable rules.

The skill persists generated rules and tells future agents to consult them before tasks, so feedback-derived content can become reusable agent context.

User impact: Incorrect, low-quality, or intentionally manipulative feedback could be promoted into a durable rule that steers future agent behavior until it is reviewed or resolved.
Recommendation: Review new genes before relying on them, restrict who can write to the learning directory, and consider requiring manual approval before promoted rules are applied.

Memory and Context Poisoning
Severity: Medium. Confidence: High. Status: Concern.
scripts/error-catcher.sh
STDERR="${TOOL_STDERR:-unknown error}" ... STDERR="${STDERR:0:200}" ... CONTEXT="${TOOL_COMMAND:-exec command}" ... bash "$DIR/log-event.sh" ... "$CONTEXT" "$STDERR"

When the optional hook is enabled, failed command text and stderr are persisted into the learning log; the code truncates stderr but does not redact secrets.

User impact: API keys, tokens, private paths, or sensitive data printed in failed commands or errors could be stored in local learning files and later reports.
Recommendation: Avoid enabling the hook in sensitive workspaces unless you add redaction, limit logging scope, protect file permissions, and periodically clean events and reports.