Pluginvv10.1.07
ClawScan security
DellPCgame · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 25, 2026, 1:37 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The bundled files implement a reasonable 'self-improvement' skill, but multiple metadata/packaging mismatches (skill name/slug/owner) and a few install-time behaviors warrant caution before installing.
- Guidance: This package's files implement a harmless, coherent 'self-improvement' skill (reminders, lightweight hooks, and helpers that create/append .learnings files). However the packaging metadata (display name 'DellPCgame', slug 'dellwindow17', and registry owner IDs) does not match the internal skill name/slug (_meta.json shows 'self-improving-agent'). Before installing: (1) verify the repository origin and commit history (ensure the author and repo are what you expect); (2) prefer a dry-run: review scripts and run extract-skill.sh --dry-run locally; (3) do not enable hooks globally; enable them only at project-level and inspect ~/.openclaw/hooks changes; (4) check activator/error-detector outputs and file-write behavior, and ensure .learnings/ will not inadvertently receive secrets (the SKILL.md advises redaction); (5) if metadata mismatches remain unexplained, reach out to the publisher or avoid installing until clarified. These steps reduce risk even though the code itself appears to match the described purpose.
Review Dimensions
- Purpose & Capability (concern): The repository content and SKILL.md clearly describe a 'self-improvement' skill (logging learnings, hooks, activator/error-detector scripts). However the top-level registry metadata shown with this package (Name: 'DellPCgame', slug: 'dellwindow17', ownerId different from _meta.json ownerId) does not match the embedded skill name/description ('self-improvement' / self-improving-agent). That mismatch is unexpected and could be an indexing/packaging error or deliberate mislabeling. Aside from metadata, the code and scripts are coherent with the declared purpose.
- Instruction Scope (note): SKILL.md and scripts limit actions to creating/appending .learnings/* files, emitting lightweight reminders, and optionally running local helper scripts. The hook handler injects a virtual reminder into session bootstrapFiles (no network calls). The error-detector reads CLAUDE_TOOL_OUTPUT (explicitly documented). The SKILL.md warns not to log secrets. These instructions stay within the stated purpose, but they do allow writing files under the workspace or skills directories and installing a hook under ~/.openclaw if the user follows integration steps, so enable only intentionally.
- Install Mechanism (ok): There is no automatic install spec; this is instruction/script-based and therefore lower risk than arbitrary downloads. Scripts (extract-skill.sh) include checks to avoid absolute paths and '..' segments and enforce relative output directories. The activator/error-detector are simple shell scripts that only emit text or scan an environment variable. No external downloads or obscure install URLs were found.
- Credentials (ok): The skill declares no required environment variables or secrets. The only environment dependency in code is reading CLAUDE_TOOL_OUTPUT (used by the error-detector hook), which is appropriate for detecting command errors and is documented. No credentials or unrelated service tokens are requested.
- Persistence & Privilege (note): The skill is not always-enabled and does not request elevated privileges. However enabling the optional hook will cause the activator/error-detector scripts to run on lifecycle events (UserPromptSubmit/PostToolUse); these scripts run with the user's agent/session permissions and can write to .learnings/ or to the chosen skills directory. That behavior is expected for this skill but worth explicit user consent. The metadata mismatches amplify the need to confirm origin before enabling hooks.
