Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.
Security Analysis
medium confidenceThe skill's purpose (capture and promote learnings) matches its code and docs, but several instructions encourage globally enabled hooks and automated logging/promotion of project/workspace files without guidance to sanitize sensitive data — this creates a realistic risk of unintended data exposure and unexpected persistence.
Name/description (capture learnings/errors and promote them) align with included files: templates, examples, activator and error-detection hooks, and an extraction helper. The scripts and templates are what you'd expect for a 'self-improving' logging skill.
SKILL.md and references instruct agents to log command outputs, environment details, and related file paths and to promote learnings into repo- and workspace-level files (CLAUDE.md, AGENTS.md, TOOLS.md, SOUL.md). There is no guidance or safeguards about redacting secrets or excluding sensitive paths; templates explicitly include an 'Environment details' field and recommend logging command output and metadata, which could capture secrets or private data. The hooks (UserPromptSubmit, PostToolUse) are recommended for project- and user-level configuration, which could make the agent log broadly and repeatedly.
No external downloads or package installs; this is instruction-first with small included scripts. Files are local and readable; scripts create scaffolding locally. No network fetches or archive extraction in the provided assets, so install risk is low.
The skill declares no required env vars or credentials, but the error-detector script reads CLAUDE_TOOL_OUTPUT (documented as the PostToolUse output). The documentation explicitly instructs logging 'Environment details if relevant' and file paths into persistent project or workspace files. Requesting or capturing environment/output info is reasonable for debugging, but without guidance to avoid secrets (API keys, tokens, private files) this is disproportionate to a safe logging helper and raises data-exfiltration risk.
always:false and the skill is opt-in, but the docs provide user-level hook examples (e.g., ~/.claude/settings.json and ~/.clawdbot/clawdbot.json) that, if applied, enable the activator/error detector globally for all sessions. Promoting learnings to workspace-level files (~/clawd/...) or to home-level skill caches can cause cross-session, cross-project persistence and potential leakage of project-specific data. The extract-skill helper can create files under a skills directory (and can be pointed at home-level paths), which increases persistence surface if run with global configuration.
Guidance
This skill appears to do what it says (log learnings and provide simple hook scripts), but be careful before enabling it globally. Things to consider before installing/activating: - Review the scripts (activator.sh, error-detector.sh, extract-skill.sh) locally — they are small and readable. Ensure you trust and understand them before making them runnable. - Prefer project-level hook configuration (project root .claude/.codex settings) instead of user-level (~/.claude) to avoid the skill running for every session across all projects. - Do not enable automatic promotion to workspace/global files without controls. Workspace targets like CLAUDE.md, AGENTS.md, or ~/clawd/ are injected into future sessions and can cause accidental data sharing across projects or users. - Add explicit redaction/sanitization rules before logging: never write API keys, tokens, passwords, or other secrets into .learnings/ or promoted files. Update templates or scripts to filter known secret patterns, or require a manual confirmation step before appending entries. - Restrict permissions: keep the skill files writable only by your user and avoid placing them in globally shared locations. If you run extract-skill.sh, check its output (or use --dry-run) before allowing it to write files. - If you want automated error detection, limit PostToolUse hooks to specific commands or matchers (as suggested in hooks-setup) to reduce noise and scope. If you need help auditing or hardening the scripts (e.g., adding secret-detection/redaction), provide the specific deployment path (project-level vs user-level) and I can suggest concrete changes.
Latest Release
v1.0.0
- Initial release of the self-improvement skill for structured project learnings and continuous improvement. - Provides detailed guides and templates for logging errors, user corrections, feature requests, and knowledge gaps in markdown files. - Defines categories, log formats, metadata, and processes for reviewing, resolving, and promoting insights to project documentation. - Outlines triggers and periodic review steps to ensure recurring issues and valuable knowledge are captured and acted upon. - Supports detection patterns (corrections, requests, gaps, errors) for automatic or manual entry creation.
Popular Skills
Published by @TXMERLXN on ClawHub
