ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

自我改进智能体

v0.1.0

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

0· 79·0 current·0 all-time
by@tigertamvip
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: all actions are about collecting and promoting learnings/errors/feature-requests into .learnings and workspace docs. No unrelated environment variables, binaries, or surprising external services are requested.
Instruction Scope
Instructions direct the agent (and the user) to create and append to files under ~/.openclaw/workspace/.learnings and potentially promote entries to other workspace files (SOUL.md, AGENTS.md, TOOLS.md). They also reference session-level tools (sessions_list, sessions_history, sessions_send, sessions_spawn) — these are coherent for cross-session sharing but have privacy implications because they can read or forward session transcripts if available. The scope is appropriate for the stated purpose but you should confirm what 'sessions_history' and 'sessions_send' can access in your environment before enabling automatic behavior.
Install Mechanism
No install spec in the skill bundle (instruction-only). The README suggests optional manual git clone from a GitHub repo and a ClawdHub install command; these are typical and optional. There is no automatic download/extract or opaque URL in the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The file-write/read operations are limited to OpenClaw workspace paths (.learnings and other workspace files) which are proportionate to the logging/promotion purpose.
Persistence & Privilege
always:false and model invocation is allowed (default). The skill recommends enabling a hook in ~/.openclaw/hooks to run reminders at session start; enabling that would give persistent behavior across sessions and could influence agent prompts. This is expected for an auto-notification skill but is a persistent change the user must opt into.
Assessment
This skill is coherent for collecting and promoting learnings, but before installing or enabling hooks: (1) Inspect the referenced GitHub repo and any hook scripts you copy to ~/.openclaw/hooks to ensure they don't perform unexpected actions; (2) Understand what your OpenClaw 'sessions_*' tools can access — sessions_history and sessions_send could expose or forward other sessions' transcripts; (3) Back up any workspace files that might be overwritten and consider limiting the directories the skill touches to a project-specific .learnings if you don't want cross-session/global effects; (4) Only enable the hook if you trust the skill and its source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ewv40zqt9vke5f68vskqsvs83bmnd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments