v1.0.1

Self Improver Lite

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:02 AM.

Analysis

This skill is coherent but should be reviewed because it allows automatic session cleanup, service restarts, and agent configuration changes without concrete bounds or explicit approval.

Guidance: Install only if you are comfortable letting the agent inspect OpenClaw service logs and perform limited maintenance. Before using it, require confirmation for any restart, session cleanup, or config change, and make sure backups, rollback steps, safe token/context ranges, and summary storage locations are clearly defined.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Apply only low-risk fixes automatically. ... Auto-Allowed Changes ... Session cleanup ... Gateway restart ... Context window/maxTokens tuning ... Fallback chain reordering

The skill explicitly authorizes automatic changes that can delete session state, restart the gateway, and alter agent/model behavior, but does not define precise limits or require user confirmation for those actions.

User impact: The agent could disrupt service availability, remove session state, or change response behavior without the user approving each change.
Recommendation: Require explicit confirmation for restarts, session cleanup, and config edits, and define exact safe ranges, affected paths, rollback steps, and change-review logging.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
systemctl is-active openclaw-gateway ollama
journalctl -u openclaw-gateway -n 120 --no-pager

The skill relies on host administration tools, while the provided metadata declares no required binaries or install requirements. This is not hidden code, but users should notice the dependency gap.

User impact: The skill may fail or behave inconsistently on systems without these tools or without permission to use them.
Recommendation: Declare systemctl and journalctl as expected host tools, or document supported operating environments and fallback behavior.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low, Confidence: High, Status: Note
SKILL.md
systemctl is-active openclaw-gateway ollama
journalctl -u openclaw-gateway -n 120 --no-pager

The skill expects local authority to inspect OpenClaw/Ollama services and read service logs; that is aligned with maintenance, but it is still privileged operational access.

User impact: If run with broad local privileges, the agent may see operational logs and control services beyond what a normal chat task would need.
Recommendation: Run it only in an environment where the agent is allowed to inspect and manage the named OpenClaw services, and avoid giving broader system privileges than necessary.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
SKILL.md
journalctl -u openclaw-gateway -n 120 --no-pager ... Record summary and next actions. ... Never expose secrets in reports.

The skill reads recent service logs and records summaries. That is purpose-aligned and includes a secret-exposure guardrail, but service logs and summaries may contain sensitive operational details.

User impact: Audit reports could accidentally retain or repeat sensitive log details if the guardrail is not followed carefully.
Recommendation: Redact secrets and user content from logs before summarizing, and store audit summaries only in an approved location with limited retention.