A new open-source project called openclaw-superpowers has introduced self-modifying capabilities to OpenClaw agents, allowing them to write and install new skills during live conversations without requiring a restart. The library, published by GitHub user ArchieIndian, ships 30 skills split between 12 core methodology skills adapted from Jesse Vincent's obra/superpowers framework and 18 skills purpose-built for OpenClaw's 24/7 persistent runtime. The central primitive is a create-skill skill that lets an agent encode a user preference or behavior directly as a durable SKILL.md file, which takes effect immediately and persists across sessions. OpenClaw itself supports over 20 messaging channels including WhatsApp, Telegram, Signal, and Slack, and is sponsored by OpenAI, Vercel, Blacksmith, and Convex.

The 18 OpenClaw-native skills represent the project's more substantive contribution, addressing operational challenges that simply do not arise in session-based developer tools like Claude Code or Cursor. These include long-running task management with checkpointing across hours, persistent memory hygiene via daily cron jobs, a spend circuit breaker that tracks API costs against a monthly budget, and a multi-agent coordinator for managing parallel agent fleets. The library also ships three dedicated security skills: a prompt-injection-guard that detects six signal types in external content, a skill-vetting scanner for ClawHub community skills, and a dangerous-action-guard that gates irreversible actions behind explicit user confirmation with a five-minute expiry window.

The project's security model warrants close scrutiny given the self-modification surface it introduces. The create-skill primitive bypasses the dangerous-action-guard by default since the two are architecturally decoupled and the library does not enforce chaining them. The skill-vetting scanner applies only at ClawHub install time and is not invoked when create-skill generates a skill dynamically during conversation. The workspace-integrity-guardian cron runs only on Sundays at 3am and does not scan the skills directory itself, meaning a successfully installed backdoor skill could persist for up to 167 hours on a <a href="/news/2026-03-14-nanoclaw-partners-with-docker-for-hypervisor-level-agent-sandboxing">continuously running agent</a> with full channel access. The README states directly that "36% of ClawHub skills contain injection payloads" — these are not theoretical edge cases.

For teams evaluating the library, the three most concrete gaps to close are: enforced chaining of create-skill through the <a href="/news/2026-03-14-aip-agent-intent-protocol-cryptographic-identity">dangerous-action-guard</a>, dynamic skill-vetting on any skill generated at runtime, and a more frequent integrity scan cadence than weekly. The architecture — local YAML state files, cron-registered skill schedules, symlinked SKILL.md files — is auditable, and the companion scripts support dry-run modes and JSON output. That transparency makes the gaps fixable. The source is available at https://github.com/ArchieIndian/openclaw-superpowers.
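One way to cover the skills directory between weekly scans is a hash baseline of every SKILL.md, compared on a short cron interval so that a skill written at runtime shows up as "added". This is an added example, not code from openclaw-superpowers; the directory layout (one SKILL.md per skill folder under a single root), the function names, and the command-line arguments are assumptions.

```python
"""Baseline-and-compare integrity check for an agent skills directory.

Added example, not openclaw-superpowers code. The layout (one SKILL.md per
skill folder under a single root) is an assumption for illustration.
"""
import hashlib
import json
import sys
from pathlib import Path


def snapshot(skills_root):
    """Map each SKILL.md (path relative to root) to its content hash and real path."""
    root = Path(skills_root)
    state = {}
    for path in sorted(root.rglob("SKILL.md")):
        real = path.resolve()  # follow symlinks so a retargeted link is visible
        try:
            digest = hashlib.sha256(real.read_bytes()).hexdigest()
        except OSError:
            digest = None  # unreadable file or broken link target
        state[path.relative_to(root).as_posix()] = {"sha256": digest, "target": str(real)}
    return state


def compare(baseline, current):
    """Return skills added, removed, or modified since the baseline was taken."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in shared if baseline[k] != current[k]),
    }


def main(argv):
    # usage: skills_integrity.py <skills_root> <baseline.json> [--update]
    root, baseline_file = argv[1], Path(argv[2])
    current = snapshot(root)
    if "--update" in argv or not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=2))  # first run records the baseline
        return 0
    report = compare(json.loads(baseline_file.read_text()), current)
    print(json.dumps(report, indent=2))
    return 1 if any(report.values()) else 0  # non-zero exit lets cron or a monitor alert


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Keep the baseline file somewhere the agent cannot write, and refresh it with `--update` only after a human has reviewed the reported skills.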