Self Improving Agent CN
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: self-improving-agent-cn Version: 1.0.0 The skill implements a local memory system for the AI agent to track errors, user corrections, and best practices. It uses standard Python scripts (e.g., log_error.py, check_memory.py) to manage data in JSONL files located in a local directory (~/.openclaw/memory/). The code and instructions in SKILL.md are transparent, lack external network calls or obfuscation, and align entirely with the stated purpose of improving agent performance through local persistence.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive information accidentally included in commands or error output could be stored in plaintext and later shown back to the agent.
The logger persists raw command, error, and fix text into a long-lived local memory file. The artifacts do not show implemented redaction even though commands and error messages can contain secrets, private paths, or sensitive project details.
MEMORY_DIR = os.path.expanduser("~/.openclaw/memory/self-improving") ... "command": command, "error": error_msg, "fix": fix ... f.write(json.dumps(entry, ensure_ascii=False) + "\n")Require confirmation before logging, redact secrets before writing memory, and periodically review or delete the JSONL memory files.
A mistaken or poisoned memory entry could influence future sessions, affect multiple projects, or alter files that guide agent behavior.
The skill instructs automatic propagation of learned content into global memory, project memory, and agent instruction files. It does not describe approval, validation, scoping, or rollback for those updates.
重要记忆自动同步到: - `~/.openclaw/memory/self-improving/` (全局) - 当前项目 `.learnings/` (项目级) - `AGENTS.md` (用户偏好) - `MEMORY.md` (长期记忆)
Disable automatic cross-project sync by default, require user approval before editing AGENTS.md or MEMORY.md, and keep memory scoped per project unless explicitly promoted.
The agent could install packages globally or with elevated privileges, changing the user's system more broadly than intended.
The workflow suggests automatically changing a failed command to an elevated global install path. That is a high-impact local environment change without an explicit user approval step.
下次执行前检查记忆 3. 自动改用: `sudo npm install -g xxx` 或本地安装
Require explicit confirmation before any sudo or global install command, and prefer least-privilege local installs.
Users have less assurance about the origin and maintenance of the skill.
The artifact provides limited provenance and setup metadata. The included scripts are small and the static scan is clean, so this is a provenance note rather than a standalone concern.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Review the included scripts before use and install only if you trust the publisher/source.