ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evolve

v0.0.2

Local DevOps/autonomy skill for OpenClaw (safe evolution loop with guardrails).

0· 1k·7 current·7 all-time
by@delkoman88

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for delkoman88/evolve.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Evolve" (delkoman88/evolve) from ClawHub.
Skill page: https://clawhub.ai/delkoman88/evolve
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install delkoman88/evolve

ClawHub CLI

Package manager switcher

npx clawhub@latest install evolve
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description claim a local DevOps/autonomy controller; the SKILL.md matches that (it delegates to a local evolvectl.sh and exposes plan/generate/test/promote/rollback). That capability is coherent with the stated purpose, but the skill does not declare any config paths or permissions even though 'promote' implies modifying agent/skill state — a minor mismatch.
!
Instruction Scope
The runtime instructions simply say 'delegate to evolvectl.sh' (overrideable via EVOLVECTL). They do not include the controller code, do not constrain what the script may do, nor enumerate the files/configs it may read or write. This grants broad discretion to run arbitrary local commands and to modify system/agent state, which is outside the safe, well-scoped instructions expected for a registry skill.
Install Mechanism
Instruction-only skill with no install steps or bundled code. This is low-risk from an install perspective because nothing is written by the skill itself.
Credentials
The skill declares no required env vars or credentials; SKILL.md mentions an optional EVOLVECTL override env var. While the lack of requested secrets is appropriate, the skill's actions (promote/rollback active skills) imply it will need access to agent configuration or skill files — yet no config paths were declared. That mismatch is worth caution.
!
Persistence & Privilege
The skill does not request 'always' and allows autonomous invocation (default). Autonomous invocation combined with the ability to run an arbitrary local controller script that can promote/modify skills increases blast radius. The skill's metadata does not state what system files it will change, so this is a notable privilege surface.
What to consider before installing
This skill is just a thin wrapper that calls a local script (evolvectl.sh). That means the real behavior depends entirely on that script — the registry entry itself contains no code to inspect. Before installing or enabling this skill: 1) locate and inspect the evolvectl.sh the agent would run (or set EVOLVECTL to a vetted path) and verify it does only what you expect; 2) confirm what files/configs the controller will read/write (especially agent/skill configs) and whether it needs elevated privileges; 3) limit agent autonomy or run the skill in a restricted/sandboxed environment until you trust the controller; 4) request source/homepage or a signed release from the author — absence of a homepage and the mismatched metadata version/published timestamp are additional signals to verify origin. If you cannot review the controller script, do not enable autonomous invocation for this skill.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧬 Clawdis
latestvk971pr080qa3wcr8ysavr15j7n8105wh
1kdownloads
0stars
2versions
Updated 2h ago
v0.0.2
MIT-0
@delkoman88
latest
Download

evolve

Local DevOps/autonomy skill for OpenClaw.

This skill provides a safe "evolution loop" controller (barandales) that:

  • snapshots current status
  • generates candidates
  • tests candidates
  • promotes candidates into active skills
  • supports rollback

Commands

  • evolve plan
  • evolve generate <slug>
  • evolve test <slug>
  • evolve promote <slug>
  • evolve rollback <slug>

Notes

This skill delegates to a local controller script (evolvectl.sh). You can override its location with EVOLVECTL.

Comments

Loading comments...