Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
herclaw-agentsystem
v1.0.3Self-improving AI agent framework with autonomous learning, skill creation, and self-evolution. Features: - Learning Loop: Autonomous learning from experienc...
⭐ 0· 94·0 current·0 all-time
byyaoo-2818@281862066-a11y
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (self-improving agent, skill creation, RL-based evolution) matches the included modules (memory_manager, pattern_recorder, nudge_system, skill_creator, self_evolution). There are no unrelated environment variables or external dependencies requested. However, the presence of explicit 'SkillCreator' and 'SelfEvolution' modules is powerful — appropriate for the stated purpose but requiring careful privilege and deployment controls.
Instruction Scope
SKILL.md is largely descriptive and the visible modules emphasize local-only storage and explicit user confirmation for pattern recording. Despite that, the nudge system and SkillCreationHandler can schedule/trigger autonomous skill-creation flows (creator.scan_and_create). The runtime instructions and code permit automated detection, synthesis, and (potentially) deployment of new skills; whether such deployment requires explicit user confirmation is not visible in the truncated skill_creator/self_evolution sources. This gives the agent broad latitude beyond simple 'assistive' actions.
Install Mechanism
No install spec is provided and requirements.txt states only standard-library usage. There are bundled Python modules but no remote downloads or extract/install steps. From an install perspective this is low risk, though runtime behavior depends on how the agent executes these modules.
Credentials
The package declares no required environment variables, no credentials, and no restricted config paths. That is proportionate to the described local-memory and pattern workflow functionality.
Persistence & Privilege
always:false (good) but model-invocation is allowed (default), meaning the agent can invoke this skill autonomously. Combined with modules that synthesize and (apparently) register or deploy skills and a nudge scheduler that can trigger creation tasks, this gives the package meaningful persistence/privilege within the agent environment. The code shows local file/database writes (memory/, patterns/, nudges/). Whether it can modify the agent's global skill registry or communicate externally is not visible in the truncated files — that uncertainty elevates risk.
What to consider before installing
This package implements autonomous pattern recording, a local 3-layer memory, and modules to synthesize new skills — which is consistent with its description but also powerful. Before installing, review the full contents of scripts/skill_creator.py and scripts/self_evolution.py to confirm: (1) whether they perform any network calls (requests, urllib, sockets, http client code), (2) whether they write to or modify the agent's global skill registry or configuration, and (3) whether they deploy or enable newly generated skills without explicit user approval. If you cannot inspect those files, treat the skill as untrusted. Consider running it in a sandboxed agent with autonomous invocation disabled (or limited), back up agent configuration, and monitor created files/directories (memory/, patterns/, nudges/). Require explicit user confirmation for any skill-deployment actions and restrict file-system access where possible.Like a lobster shell, security has layers — review code before you run it.
latestvk976n2sxzxzbsqexcmk65jejn584knra
License
MIT-0
Free to use, modify, and redistribute. No attribution required.