ClawHub

Auto Reflection

v1.0.0

自动执行深度反思和学习优化。每 5 轮自动深度反思,能力评估自动更新,学习计划自动调整,知识图谱自动优化。 Triggers: reflection, 反思,auto-reflection, 能力评估,learning optimization, 学习优化

0· 126·1 current·1 all-time
by@wyblhl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill declares automatic reflection and learning-optimization features and the code reads/writes local workspace artifacts (capabilities.json, knowledge-graph.json, HEARTBEAT.md, reflection JSON files, logs). These file operations align with the described purpose; no unrelated services or credentials are requested.
Instruction Scope
SKILL.md instructs running the bundled Node script. The runtime instructions and code operate only on local files under a workspace path and produce reports and updates to HEARTBEAT.md and capabilities.json. There are no external network calls or attempts to read unrelated system config. Note: the SKILL.md and code both assume a specific workspace path (D:\OpenClaw\workspace) so the skill will attempt to read/write those local files.
Install Mechanism
No install spec; this is instruction-only with an included index.js. Nothing is downloaded or installed from remote sources.
Credentials
The skill requests no environment variables or credentials (proportional). However, it hardcodes Windows-specific absolute paths (D:\OpenClaw\workspace, etc.) rather than using configurable env vars — this is a design/portability issue rather than a credential overreach.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent configuration. It only modifies files in its declared workspace; no persistent platform-level privileges are requested.
Assessment
This skill appears to do what it says: generate local reflection reports, update capabilities.json, and insert a summary into HEARTBEAT.md. Before installing or running: 1) Review and back up D:\OpenClaw\workspace (or change the hardcoded CONFIG paths) because the script will read/write and may overwrite files. 2) Note the code uses Windows absolute paths and synchronous file writes — it may fail or behave unexpectedly on non-Windows systems or if directories don't exist. 3) There is a clear coding bug/typo in updateHeartbeatWithReflection (nonstandard/invalid variable usage) that will likely cause the script to crash; inspect/fix the function before use. 4) Run the script first in a sandbox or test workspace to confirm behavior. 5) No secrets or network calls were found, so there is no obvious exfiltration risk, but you should still verify the code if you plan to grant the agent autonomous runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97evfrcek1hhe4sq5wkpknexd83c6mtlearningvk97evfrcek1hhe4sq5wkpknexd83c6mt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments