Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
Security Analysis
high confidenceThe skill's code, hooks, and instructions are coherent with its stated purpose (capturing learnings and reminders) and do not request unrelated credentials or external installs, but review/opt-in activation is advised because some hooks read tool output and writing/promoting learnings can persist sensitive data.
Name/description (self-improvement / capture learnings) align with the included files: reminder activator, error detector, OpenClaw hook handlers, and templates/scripts to create or promote learning entries. There are no unrelated env vars, binaries, or external credential requests.
Runtime instructions and scripts are narrowly scoped: activator.sh emits a short reminder, error-detector.sh scans the CLAUDE_TOOL_OUTPUT variable for error patterns and prints a reminder when errors are detected, and hook handlers inject a virtual reminder on agent bootstrap. However, the skill explicitly instructs users to create/persist files under ~/.openclaw/workspace/.learnings and to promote entries into workspace files (CLAUDE.md, AGENTS.md, etc.), which will persist information across sessions — review content before promoting. Also be aware that the error detector will run when configured as a PostToolUse hook and process command outputs from the platform.
No install spec (instruction-only) and no network downloads. The included helper scripts operate on local files and the included OpenClaw hook code injects virtual bootstrap content; nothing pulls remote archives or executes downloads. extract-skill.sh creates local scaffolding and includes protections (rejects absolute paths and '..' segments).
The skill declares no required env vars or credentials, which matches its purpose. It does read CLAUDE_TOOL_OUTPUT (an agent-provided environment/context variable) in error-detector.sh; this is reasonable for detecting tool failures but could expose sensitive command output if those commands print secrets. No external tokens or unrelated credentials are requested.
always:false (default) and model invocation allowed (normal). Enabling the OpenClaw hook or running the scripts will create or prompt writes in the workspace (e.g., .learnings/ files, skills scaffolds). This is expected functionality, but enabling hooks globally or promoting learnings broadly increases persistence and the chance of persisting sensitive data — enable and scope hooks deliberately.
Guidance
This skill appears to do what it says: it adds lightweight reminders and helper scripts to capture and promote learnings. Before installing or enabling hooks, review the included scripts and consider these precautions: - Inspect the code (activator.sh, error-detector.sh, extract-skill.sh, handler.js/ts). They are small and local, and there are no network downloads, but verify you are comfortable with the file writes they perform. - Be cautious enabling the PostToolUse / error-detector hook globally: it reads CLAUDE_TOOL_OUTPUT (the captured output of commands). Command output can contain secrets or sensitive data; the script prints reminders into the agent context when pattern matches occur. If you enable this, consider restricting the hook with matchers (only for certain commands/projects) rather than global activation. - Understand persistence: the workflow encourages appending logs to ~/.openclaw/workspace/.learnings and promoting entries into workspace files (CLAUDE.md, AGENTS.md, etc.). Do not promote or persist any content that contains secrets, credentials, or private data. - extract-skill.sh will create files in the current workspace (it purposely rejects absolute paths and '..' to avoid writing outside the workspace). Run it only when you want to scaffold a new skill and from the intended directory. - If you run the OpenClaw hook, remember it injects a virtual reminder at agent bootstrap; this is non-malicious but may alter agent context. If you prefer no automatic reminders, do not enable the hook or add matcher filters. Overall: coherent and low-risk for its stated purpose, but enable and scope hooks intentionally and avoid persisting sensitive outputs.
Latest Release
v1.0.11
No functional or content changes; OpenClaw-specific environment metadata was removed. - Removed the OpenClaw `requires.env` metadata block from the skill definition. - All usage guidance, logging formats, and workflow instructions remain unchanged. - No new features or bug fixes included in this version. - This update does not require any action from users. - Ensures cleaner skill metadata and wider compatibility.
Popular Skills
Published by @pskoett on ClawHub
