Skill v1.0.0

ClawScan security

Self Improving Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 5:43 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions match its stated purpose (logging learnings, reminding agents, and providing optional helper scripts/hooks); nothing requests unrelated credentials or hidden network endpoints.
Guidance
This skill appears coherent and implements only local reminders, logging conventions, and optional helper scripts. Before enabling hooks or running scripts: (1) review the hook and shell scripts (activator.sh, error-detector.sh, extract-skill.sh) to confirm you accept their behavior; (2) be aware that enabling the OpenClaw hook will inject a virtual reminder into session bootstrap and that the activator/error-detector may run with the agent's permissions; (3) the extract-skill script can create files under your workspace—run it only where you want those files created; (4) clone the GitHub repo only if you trust its source. If you want to be extra cautious, enable only the activator (read-only reminder) and avoid enabling PostToolUse hooks or running the extractor until reviewed.

Review Dimensions

Purpose & Capability
ok
The name/description (capture learnings, errors, promote learnings) align with the included documentation, hook handlers, and helper scripts. The files only implement reminders, local logging conventions, and a helper to scaffold new skills; none request unrelated capabilities (no cloud creds, no unusual binaries).
Instruction Scope
note
SKILL.md instructs creating and writing local files under a .learnings directory and optionally installing an OpenClaw hook. The hooks/scripts operate on local context (inject virtual bootstrap file, read CLAUDE_TOOL_OUTPUT, and output reminder text). The skill documentation mentions cross-session APIs (sessions_list/history/send/spawn) but the shipped code does not call external sessions or transmit data outside the agent; still, enabling hooks gives the skill the ability to inject workspace context and to write files in the workspace, which is expected for this purpose.
Install Mechanism
note
No automated install spec is included (instruction-only skill). Manual install instructions use git clone from a public GitHub repo (reasonable). The only executable artifacts are local shell scripts and hook handlers; there are no remote downloads or extracted archives in the install process.
Credentials
note
The skill declares no required env vars or credentials. The error-detector hook reads CLAUDE_TOOL_OUTPUT if present (an agent-provided environment variable) — this is consistent with its purpose. No secrets/keys are requested.
Persistence & Privilege
ok
The skill is not always-enabled (always:false) and is user-invocable. Hooks are optional and only active if the user copies/enables them. The extract-skill script can create files under the current workspace when run, which is expected and requires explicit execution.