Security Scan
OpenClaw
Safe
high confidence
Files, scripts, and hook handlers match the stated purpose of capturing and promoting development learnings; nothing requests unrelated credentials or performs covert networking or writes outside the workspace without user action.
Assessment and recommendations
This skill appears to do what it claims, but review and control how you enable it: 1) Inspect the scripts (activator.sh, error-detector.sh, extract-skill.sh) before enabling hooks to confirm behavior. 2) Prefer project-level hook configuration (not global ~/.claude) if you want to limit automatic executions. 3) Note extract-skill.sh will create files under ./skills/ when run (it prevents absolute/../ paths). 4) error-detector reads CLAUDE_TOOL_OUTPUT (it may contain command output — avoid loggin...
✓ Purpose and capability
Name/description align with included files: reminder hook, activator, error detector, extraction helper, and templates. The skill does not request unrelated credentials or binaries and the provided handlers/scripts implement the stated capture-and-promote workflow.
ℹ Instruction scope
SKILL.md and references instruct installing hooks and running scripts that output reminders and optionally create skill scaffolds. The error-detector reads the CLAUDE_TOOL_OUTPUT env var (expected for a PostToolUse hook). The extract-skill.sh script does create files under a relative ./skills/ directory when run (it has safeguards against absolute or ../ paths). Be aware hooks can be configured at user-level (~/.claude) which makes the activator run more broadly — this is a functional choice but increases execution surface.
✓ Install mechanism
No remote downloads or install steps; instruction-only skill with bundled scripts and hook handlers. There is no installer that fetches remote code or writes binaries to unexpected locations.
✓ Credential requirements
No credentials or sensitive environment variables are requested. The only environment usage of note is error-detector.sh reading CLAUDE_TOOL_OUTPUT (a platform-provided variable containing tool output) and check_env.sh inspecting local paths — both are proportionate to detecting and logging errors.
ℹ Persistence and privileges
always is false and the hook handler injects a virtual bootstrap file (no persistent modification). However, enabling hooks at user-level or project-level will cause the activator/error-detector scripts to run automatically on configured events; enabling globally increases runtime frequency and blast radius, so prefer project-scoped configuration if you want limited scope.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.1.0 2026/3/5
Fork: optimized SKILL structure, added metadata, and normalized package manifest
● Benign
Install command
Official: npx clawhub@latest install self-improving-agent-ollieb89
Mirror: npx clawhub@latest install self-improving-agent-ollieb89 --registry https://cn.longxiaskill.com (mirror sync in progress)