Learning Loop
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: learning-loop Version: 1.4.0 The OpenClaw Learning Loop skill bundle is benign. It provides a structured self-improvement system for AI agents, primarily involving file operations (reading, writing, appending JSON and Markdown files) within a designated workspace directory (`memory/learning`). All scripts include robust input validation to prevent operations on system directories and utilize `flock` for file locking to ensure data integrity. There is no evidence of data exfiltration, unauthorized remote execution, persistence mechanisms, or malicious prompt injection attempts against the agent. The markdown instructions guide the agent on integrating and using the learning loop for its intended purpose, such as capturing events, promoting rules, and tracking metrics.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running pattern detection in a maliciously named or attacker-controlled workspace could execute unintended local code under the user's account.
The workspace path is user-supplied and is later embedded directly into Python source code instead of being passed as an argument. A crafted path containing quote/parenthesis characters could change the Python code that runs.
WORKSPACE="${1:-$(pwd)}" ... RULES_FILE="$LEARNING_DIR/rules.json" ... RULE_COUNT=$(python3 -c "import json; print(len(json.load(open('$RULES_FILE')).get('rules',[])))"Change the inline python3 -c calls to pass file paths through argv, as the other heredoc-based Python calls do, and avoid running this script in untrusted or oddly named directories until fixed.
Private feedback or incorrect lessons may be retained and reused later unless the user reviews and edits the memory files.
The skill intentionally stores persistent logs and turns learned items into future boot-loaded behavioral rules, so bad or sensitive entries can persist across sessions and influence later agent behavior.
Tier 1: Events - Raw logs of debugging sessions, mistakes, successes, feedback. Append-only, never deleted. ... Tier 3: Rules ... Loaded at boot. These are your behavioral constraints.
Review events.jsonl, lessons.json, and rules.json periodically; remove sensitive or incorrect entries; and only enable persistent memory in workspaces where that retention is acceptable.
A shared rule export may disclose local environment metadata in addition to the intended rules.
Rule exports for cross-agent sharing include the local agent handle and source workspace path. This supports provenance, but it can reveal local usernames, directory names, or project names when shared.
"agent_handle": agent_handle, ... "source_workspace": rules_path.replace("/memory/learning/rules.json", "")Inspect and redact exported JSON before sharing it with other agents or users, and import rules only from sources you trust.
If scheduled jobs are enabled, learning files and rule confidence can change over time without a direct prompt each time.
The skill describes recurring background-style automation. This is disclosed and aligned with the learning-loop purpose, but it means the system can keep modifying memory/rules after initial setup.
Heartbeat checks periodically scan for missed learning opportunities; Daily cron extracts events from session logs; Weekly cron runs pattern detection, metrics, confidence decay, and self-audit
Enable cron or heartbeat workflows only if you want ongoing background maintenance, and keep the generated memory directory under version control or regular review.