Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self Improver Lite
v1.0.1
Runs lightweight self-audits of OpenClaw behavior, finds repeated failures, proposes safe config/process improvements, and tracks what changed. Use after inc...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md focuses on collecting service status and journal logs, grouping failures, proposing fixes, and applying low-risk remedies such as session cleanup, gateway restart, and config tuning — all coherent for a self-auditing/maintenance skill.
Instruction Scope
Instructions explicitly run system commands (systemctl, journalctl) and permit automated changes (session cleanup, restarting services, config tuning, fallback reordering). The document does not specify exact commands, safe numeric ranges, or precise criteria for when automatic changes are allowed, which gives an agent broad discretion to modify system state.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by the skill itself, which is low risk from an install perspective.
Credentials
The skill requests no credentials or environment variables, which is appropriate; however, the actions described (reading systemd status and journals, restarting services, editing configuration) imply the need for elevated system privileges (sudo/root) that are not declared. Confirm how the agent will obtain/require those privileges and whether access will be limited.
Persistence & Privilege
always:false is good, but the skill permits automatic application of changes and the platform allows autonomous invocation by default. Combined with vague guardrails, that raises the risk that the agent could autonomously make system changes without clear operator approval or strict limits.
What to consider before installing
This skill is broadly consistent with its stated purpose, but it leaves important details unspecified. Before installing or enabling it: (1) require explicit, per-change user approval or a strict policy that constrains automatic actions; (2) require a dry-run mode and human review for any config edits; (3) define concrete safe numeric ranges and exact commands for 'context window/maxTokens' tuning and other automated changes; (4) ensure explicit redaction rules and test that reports never leak secrets; (5) run it in a staging environment first and verify rollback procedures; and (6) verify how the agent will obtain necessary system privileges (avoid granting blanket root access). If the author can supply precise allowed-change lists, safe ranges, and an approval workflow, my assessment would move toward benign.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97cgjd8h001sacj42hvrvctb983dsgv
