Trusted — Risk Score 5/100
Last scan: 20 hr ago
self-improvement
Captures learnings, errors, and corrections to enable continuous improvement. Logs to markdown files and promotes valuable learnings to project memory.
A legitimate self-improvement logging skill with benign shell scripts for reminders and error detection. No malicious behavior, credential access, network calls, or data exfiltration observed.
Skill Name: self-improvement
Duration: 36.8s
Engine: pi
Safe to install
No action needed. The skill is safe to use. Consider documenting permission requirements in SKILL.md for completeness.

Findings (1 item)

Severity: Low
Finding: Missing permission declarations (Doc Mismatch)
Location: SKILL.md:1

SKILL.md does not explicitly declare what permissions or allowed-tools the skill requires. While scripts are benign, documenting permission requirements would improve transparency.
No allowed-tools declaration in frontmatter
→ Add allowed-tools declaration to SKILL.md frontmatter if the skill will be invoked with tools. However, since the shell scripts only output text and do pattern matching, the actual risk is minimal.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | Scripts read CLAUDE_TOOL_OUTPUT env var only |
| Shell | NONE | READ | ✓ Aligned | Scripts use pattern matching, no dangerous commands |
| Network | NONE | NONE | | No network calls in any scripts |
| Environment | NONE | READ | ✓ Aligned | error-detector.sh reads CLAUDE_TOOL_OUTPUT for error detection |
| credential_access | NONE | NONE | | No credential harvesting |
1 finding
Medium: External URL
https://agentskills.io/specification
SKILL.md:557

File Tree

16 files · 53.5 KB · 2171 lines
Markdown 10f · 1752L Shell 3f · 296L TypeScript 1f · 62L JavaScript 1f · 56L JSON 1f · 5L
├─ 📁 .learnings
│ ├─ 📝 ERRORS.md Markdown 5L · 75 B
│ ├─ 📝 FEATURE_REQUESTS.md Markdown 5L · 84 B
│ └─ 📝 LEARNINGS.md Markdown 5L · 99 B
├─ 📁 assets
│ ├─ 📝 LEARNINGS.md Markdown 45L · 1.1 KB
│ └─ 📝 SKILL-TEMPLATE.md Markdown 177L · 3.3 KB
├─ 📁 hooks
│ └─ 📁 openclaw
│   ├─ 📜 handler.js JavaScript 56L · 1.6 KB
│   ├─ 📜 handler.ts TypeScript 62L · 1.8 KB
│   └─ 📝 HOOK.md Markdown 23L · 589 B
├─ 📁 references
│ ├─ 📝 examples.md Markdown 374L · 8.1 KB
│ ├─ 📝 hooks-setup.md Markdown 223L · 4.8 KB
│ └─ 📝 openclaw-integration.md Markdown 248L · 5.5 KB
├─ 📁 scripts
│ ├─ 🔧 activator.sh Shell 20L · 680 B
│ ├─ 🔧 error-detector.sh Shell 55L · 1.3 KB
│ └─ 🔧 extract-skill.sh Shell 221L · 5.2 KB
├─ 📋 _meta.json JSON 5L · 139 B
└─ 📝 SKILL.md Markdown 647L · 19.2 KB

Security Positives

✓ No network requests or external communications
✓ No credential harvesting or environment variable enumeration
✓ No file writes to sensitive paths (~/.ssh, ~/.aws, etc.)
✓ extract-skill.sh has path validation (no absolute paths, no '..' traversal)
✓ Shell scripts are simple and readable with no obfuscation
✓ No base64 encoding or shell evasion techniques
✓ Hook handlers have proper event structure validation
✓ error-detector.sh only reads tool output, doesn't exfiltrate it
✓ GitHub URLs in SKILL.md are well-known legitimate repositories