Skill v3.1.0
ClawScan security
ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Apr 29, 2026, 5:44 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and instructions are consistent with a workspace-level
- Guidance: This skill appears to do what it says: local reminders, local logs (.learnings/), optional hooks that inject small bootstrap reminders, and small helper scripts to scaffold new skills. Before installing:
  - Verify the repository/source URL is what you expect (SKILL.md references GitHub repos and the registry metadata shows different owner IDs/slugs; confirm authenticity before cloning).
  - Understand enabling hooks (UserPromptSubmit, PostToolUse) runs included shell scripts with the agent's permissions and can read tool output (CLAUDE_TOOL_OUTPUT). Only enable PostToolUse if you trust the environment and the output won't contain secrets.
  - Ensure scripts have appropriate permissions (chmod +x) and that created files (e.g., ~/.openclaw/workspace/* and ./skills/*) are acceptable to persist in your environment.
  - The skill warns not to log secrets; follow that guidance. If you need stricter controls, enable only the lightweight activator (UserPromptSubmit) and avoid the PostToolUse/error-detector hook.
  - If you want extra assurance, inspect the included scripts and hook handler files locally (they are small and readable) before enabling.
Review Dimensions
- Purpose & Capability (ok): Name/description say: capture learnings/errors and promote them into workspace memory. The included files (LEARNINGS/ERRORS/FEATURE_REQUESTS templates, activator/error-detector hooks, extract-skill helper, and OpenClaw hook handlers) directly implement that purpose. There are no unexpected credentials, unrelated binaries, or network endpoints required by the runtime instructions.
- Instruction Scope (note): SKILL.md instructs creating/adding files under .learnings and optionally promoting entries to workspace files (CLAUDE.md, AGENTS.md, etc.). Hooks inject lightweight reminder content into bootstrap context and the error-detector reads the CLAUDE_TOOL_OUTPUT env var to spot errors. All instructions remain scoped to logging, reminders, and local file creation, but the promoted files become part of future session context (prompt injection surface); the skill documents this and warns to avoid logging secrets. Confirm you are comfortable having persistent workspace files that can influence future agent behaviour.
- Install Mechanism (ok): No automatic install spec. Manual install suggestions point to GitHub (clone or clawdhub). Scripts are included in the package; no external downloads or obscure URLs are used by the skill itself. The extraction and hook scripts create files locally and validate paths (extract-skill.sh prevents absolute paths and '..').
- Credentials (note): The skill declares no required env vars or credentials. The error-detector script reads CLAUDE_TOOL_OUTPUT (an agent-provided env var) to detect error messages; this is expected. Because CLAUDE_TOOL_OUTPUT may contain sensitive output, the skill explicitly warns not to log secrets. Ensure your hook configuration does not forward raw tool output to external endpoints and that you trust the agent environment before enabling PostToolUse hooks.
- Persistence & Privilege (note): always:false (no forced global inclusion). Enabling hooks and using the extract helper will write files into your workspace (~/.openclaw/workspace or ./skills). This is intentional for a logging/promote workflow but grants persistent influence over future sessions (promoted files are injected into agent context). That persistence is expected for this skill but worth reviewing before enabling globally.
