by 安全扫描
OpenClaw
安全
high confidenceThe skill's requested tools and behaviors align with a local, file-backed self-reflection helper; nothing in the manifest requests unrelated credentials or external endpoints.
评估建议
This skill appears coherent and local-only, but before installing: 1) verify or inspect the CLI implementation (bin/self-reflection) if you plan to clone the GitHub repo — the package here does not include the executable; 2) confirm you are comfortable with the skill creating/writing the configured state file (~/.openclaw/self-review-state.json) and memory file (~/workspace/memory/self-review.md) and choose paths that don't contain sensitive data; 3) review any script in the upstream repo before...详细分析 ▾
✓ 用途与能力
Name/description (continuous self-reflection) match the declared needs: timestamping (date) and small JSON handling (jq). Requested binaries are proportionate to the described functionality.
ℹ 指令范围
Instructions operate on local files (state_file and memory_file in the user's home/workspace) and instruct editing ~/.openclaw/openclaw.json to enable a heartbeat — this is consistent with the skill's purpose. One inconsistency: the README references a CLI binary (bin/self-reflection) but the registry package contains only SKILL.md, README.md, and an example config (no executable); the skill expects a local CLI to exist or to be installed separately (e.g., from the GitHub repo).
✓ 安装机制
There is no automated install spec (instruction-only), so nothing will be downloaded or written by the platform. The README shows a manual installation from GitHub, which is reasonable but is a separate step the user must review before running.
✓ 凭证需求
No environment variables or external credentials are requested. The skill only reads/writes user-local config and workspace files as documented.
ℹ 持久化与权限
The skill persists a timer state and a markdown memory file in the user's home/workspace (expected for its purpose). It also asks the user to enable a heartbeat in ~/.openclaw/openclaw.json (modifying agent config is normal for integration). always:false (no forced presence) and normal autonomous invocation are appropriate.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.12026/1/31
Initial ClawHub release: Continuous self-improvement through structured reflection
● 无害
安装命令
点击复制官方npx clawhub@latest install self-reflection
镜像加速npx clawhub@latest install self-reflection --registry https://cn.longxiaskill.com