Skill v1.0.0
ClawScan security
Self Improving Agent 3.0.16 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 19, 2026, 10:32 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, scripts, and instructions are coherent with its stated purpose of recording learnings/errors and optionally injecting reminders; no unexplained credentials, remote installs, or exfiltration mechanisms were found, but review and cautious enabling of hooks is advised.
- Guidance
- This skill appears to do what it says: help capture and promote learnings. Before enabling it, review and decide whether to enable the PostToolUse error-detector hook (it examines CLAUDE_TOOL_OUTPUT and may see sensitive command output). If you enable hooks, prefer per-project (not global) configuration, inspect the scripts, set executable permissions deliberately, and avoid enabling cross-session sharing unless you trust the environment. No credentials are requested by the skill, but be careful not to log secrets when making entries in .learnings; the skill's docs explicitly recommend redacting sensitive content.
Review Dimensions
- Purpose & Capability
- ok: Name and description match the included assets: README, templates, .learnings templates, hook handlers, and helper scripts all implement capturing learnings, errors, and feature requests and promoting them to workspace files. The provided extract-skill helper, activator, and error-detector support the stated goal and are proportionate.
- Instruction Scope
- concern: Most runtime instructions stay within scope (create .learnings files, write summarized entries, promote to workspace files). However, the error-detector script reads the CLAUDE_TOOL_OUTPUT environment variable (tool output) to detect errors; this env var is not declared in the skill metadata. While the scripts do not transmit that output externally, reading tool output can surface sensitive data if the hook is enabled globally—SKILL.md warns not to log secrets, but the script will inspect raw output unless the user restricts the hook.
- Install Mechanism
- ok: No install spec or remote downloads. This is an instruction-only skill with included local scripts and hook code. All code is present in the bundle; there are no network fetches or extract steps that would write arbitrary remote artifacts to disk.
- Credentials
- note: The skill requests no credentials or config paths. The only implicit environment dependency is CLAUDE_TOOL_OUTPUT (used by error-detector) and typical filesystem access to create files under the workspace or ~/.openclaw. Because CLAUDE_TOOL_OUTPUT may contain sensitive command output, enabling the PostToolUse hook should be a conscious, limited decision.
- Persistence & Privilege
- ok: always is false and the skill is user-invocable. The code optionally copies hooks into ~/.openclaw/hooks and writes workspace files (e.g., ~/.openclaw/workspace/.learnings) only when the user follows the installation instructions; nothing forces global installation or modifies other skills' configs. Hook handler injects a virtual reminder file at bootstrap rather than modifying unrelated files.
