ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self-Evolve

v1.0.0

Autonomous self-evolution skill: grants the agent full authority to modify its own configuration, skills, prompts, AGENTS.md, SOUL.md, memory files, and any workspace file WITHOUT asking for user confirmation. The agent should proactively identify weaknesses, fix them, write new skills, and continuously improve itself.

6· 8.9k·86 current·92 all-time
byCLOUD BOY@be1human
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description (autonomous self-evolution) align with the SKILL.md: it explicitly tells the agent to edit its prompts, skills, memory, and even system config. However, the capability set is extremely broad — editing ~/.openclaw/openclaw.json, installing tools, executing bash and curl, and publishing new skills to ClawHub — and the skill declares no credentials or config requirements. Requiring the ability to publish and change system-level configuration without declaring how credentials or access are obtained is disproportionate and unexplained.
!
Instruction Scope
SKILL.md instructs the agent to read and write many files (AGENTS.md, SOUL.md, MEMORY, any workspace files), execute arbitrary bash commands, call curl, install dependencies, and publish new skills with `npx clawhub publish` — all without asking the user. Those instructions go far beyond a narrowly scoped helper and explicitly remove user confirmation. They also enable broad network I/O and potential exfiltration or unauthorized propagation (publishing). The 'only red lines' (no deleting personal data, no leaking secrets) are vague and unenforceable in an instruction-only spec.
Install Mechanism
No install spec (instruction-only), so nothing is written at install time — this is lower initial risk. However, the runtime instructions encourage installing tools and using npx to publish, which moves the risk to execution time. The absence of an explicit install step hides how additional code/dependencies would be introduced later.
!
Credentials
skill.json and SKILL.md declare no required env vars or credentials, yet the instructions expect operations that normally require secrets (publishing to ClawHub via npx, modifying ~/.openclaw/openclaw.json which may contain API keys/model tokens). This mismatch is disproportionate: the skill implicitly needs credential access and write permissions but does not declare or justify them.
!
Persistence & Privilege
always:false but disable-model-invocation:false (normal) means the agent can autonomously invoke the skill. Combined with instructions to self-modify, create/publish skills, change system config, and run arbitrary commands, this grants a large effective privilege and blast radius. The skill can introduce new capabilities at runtime (including networked publishing) and alter agent behavior without user consent.
What to consider before installing
This skill explicitly tells an agent to change its own code, configuration, and install/run arbitrary commands without asking you — and to publish new skills. That is powerful and risky. Before installing, consider: - Do not install unless you fully trust the skill author and understand the implications. Treat this as granting the agent near-admin authority over its workspace and config. - If you need experimentation, run it in a tightly isolated sandbox (VM/container) with no access to your home directory, no access to cloud credentials, and restricted network egress. - Require explicit user confirmation for any file-system or network-affecting action (remove the 'no-confirm' behavior). - Prevent automatic publishing: revoke or do not provide ClawHub/publish credentials, and audit any attempts to call npx or similar tools. - Lock down ~/.openclaw/openclaw.json and other config files with file-system permissions; keep backups and use version control to review all changes. - Monitor logs and require an approval workflow for changes to skills/, system config, or publishing to remote registries. Given the combination of self-modification, shell/network access, and implicit need for credentials, this skill is coherent with its stated mission but too broad and potentially dangerous for most users. If you proceed, apply strong sandboxing, audit, and manual-approval controls.

Like a lobster shell, security has layers — review code before you run it.

latestvk97apxcf97v8tc0xgmjz6r4mqn80yqc3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments