← Back to Skills Marketplace
jose-compu

Self-Improving Security

by José I. O. · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ✓ Security Clean
100
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install self-improving-security
Description
Captures vulnerabilities, misconfigurations, access control violations, compliance gaps, incident response patterns, and threat intelligence to enable contin...
Usage Guidance
This skill appears to do what it says: create/append security learning and incident logs and inject bootstrap reminders. Before installing or enabling hooks: 1) Review the scripts (scripts/*.sh) and hook handlers for yourself — they will run with your agent's permissions. 2) Prefer the activator-only (UserPromptSubmit) setup; be cautious enabling PostToolUse/error-detector because it reads tool output (CLAUDE_TOOL_OUTPUT) that may contain secrets — ensure you trust the environment and that the detector won't forward sensitive content. 3) If using the manual git clone URL, verify the repository source and contents before running any scripts. 4) Ensure file permissions are correct (chmod +x scripts/*.sh) and prefer dry-run options (extract-skill.sh --dry-run) when available. 5) Follow the skill's redaction guidance strictly: never store unredacted secrets or PII in .learnings/.
Capability Analysis
Type: OpenClaw Skill Name: self-improving-security Version: 1.2.0 The bundle is a defensive security framework designed to help AI agents identify, log, and remediate security findings. It includes scripts for environment initialization, error detection, and skill scaffolding (e.g., `extract-skill.sh`, `activator.sh`), all of which are aligned with the stated purpose of continuous security improvement. The instructions in `SKILL.md` and the OpenClaw hooks (`handler.js`) emphasize strict redaction of sensitive data like API keys and PII, and no evidence of data exfiltration, unauthorized execution, or malicious intent was found.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description (capture security learnings, incidents, and promote patterns to runbooks) matches the shipped files and scripts: markdown templates, log scaffolding, a small activator reminder, an error-detection pattern-checker, and helpers to scaffold extracted skills. No unrelated credentials, binaries, or install steps are required.
Instruction Scope
Runtime instructions create/read .learnings/ files and optionally inject a reminder into OpenClaw workspaces; the activator only prints a reminder. The error-detector reads CLAUDE_TOOL_OUTPUT (user-provided command output) and scans it for security keywords — it does not forward raw output but will emit a detection marker. User must follow the redaction guidance: the skill relies on the operator to avoid recording secrets. Consider reviewing the scripts before enabling PostToolUse hooks because they operate on potentially sensitive tool output.
Install Mechanism
No automatic install spec is provided (instruction-only), so nothing is downloaded or extracted by the platform. The SKILL.md suggests manual git clone or clawdhub install; manual cloning is explicit and under user control. As with any manual clone, treat the referenced GitHub repo as a supply-chain source and review code before executing scripts.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only environment value the scripts read is CLAUDE_TOOL_OUTPUT (for the optional error-detector hook) — which is proportional to the stated optional feature and documented with a caution about sensitive content.
Persistence & Privilege
always is false and the skill does not request permanent platform privileges. Hooks add a virtual reminder file on agent bootstrap (handler mutates event.context.bootstrapFiles), which is consistent with an opt-in reminder hook. The skill does not modify other skills or system-wide configs beyond instructions to copy hook files into the user's hooks directory if the user opts in.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install self-improving-security
  3. After installation, invoke the skill by name or use /self-improving-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
**Version 1.1.0** - Added stackability contract for multi-skill installations. - Added namespaced logging guidance (`.learnings/security/`) for coexistence with other skills. - Added required `Skill: security` metadata field and cross-skill precedence/ownership rules. - Clarified hook arbitration model (single dispatcher, dedupe, rate limiting).
v1.1.0
self-improving-security v1.1.0 - Updated the sensitive data redaction table to clarify token types: now specifies "Access tokens (JWT, bearer, session)". - Added a new note: "No credentials or access tokens are required by this skill." - No functional or file changes detected—documentation-only update for clarity around secret/token handling and onboarding.
v1.0.0
Self-Improving Security Skill v1.0.0 - Initial release capturing and logging vulnerabilities, misconfigurations, access violations, compliance gaps, incident response, and threat intelligence for continuous improvement. - Provides strict guidance on redacting sensitive data before logging, with a reference table for redaction formats. - Details quick-reference actions for a range of security events, mapping them to proper log files and categories. - Includes setup and integration instructions for OpenClaw and generic agents, ensuring consistent logging across environments. - Promotes mature security patterns to runbooks, checklists, and workspace documentation for long-term maturity. - Offers optional hooks for automated session reminders and initialization.
Metadata
Slug self-improving-security
Version 1.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Self-Improving Security?

Captures vulnerabilities, misconfigurations, access control violations, compliance gaps, incident response patterns, and threat intelligence to enable contin... It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.

How do I install Self-Improving Security?

Run "/install self-improving-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Self-Improving Security free?

Yes, Self-Improving Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Self-Improving Security support?

Self-Improving Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Self-Improving Security?

It is built and maintained by José I. O. (@jose-compu); the current version is v1.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments