Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Recursive Self Improvement
v1.0.0递归自我改进系统,能够自动检测错误并修复,或持续优化和重构。包含修复模式和优化模式,支持并发执行、自动化测试、性能监控、智能调度、自适应学习、错误预测和异常恢复。用于需要持续自我优化的系统。
⭐ 6· 5.5k·42 current·43 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to detect errors, modify code/logic, run tests, monitor performance, and perform deployments/refactors. Yet the package declares no binaries, no credentials, no config paths, and supplies no connectors or concrete tooling. Performing the stated tasks in a real environment would normally require repository/CI credentials, test runners, monitoring APIs, or filesystem access — none of which are requested or described.
Instruction Scope
SKILL.md contains actionable workflows that include '代码/逻辑变更', '单元/集成/回归测试', '性能监控', and '递归调用'. These are high-level but permissive instructions that could lead an agent to read/write source files, invoke test suites, call CI or monitoring endpoints, or deploy changes. The instructions lack explicit limits, approval gates, file/path scopes, or safe-guarding procedures (e.g., require manual review before committing changes).
Install Mechanism
Instruction-only skill with no install spec and no code files. That minimizes direct supply-chain risk since nothing is downloaded or installed by the skill itself.
Credentials
The manifest requests no environment variables or credentials, but the described capabilities inherently require access to source repositories, CI/CD, test runners, and monitoring systems. The absence of declared required credentials or explicit scoping is a mismatch and could lead to the agent asking for or attempting to use broad credentials at runtime.
Persistence & Privilege
always:false and no install means the skill does not demand permanent system presence. However model invocation is allowed (normal), and combined with instructions that tell the agent to autonomously modify code, this creates a higher-risk scenario: an autonomously-invoking agent could enact changes if given tool access or permissions. There are no instructions in SKILL.md that explicitly require persisting credentials or modifying other skills.
What to consider before installing
This skill defines an autonomous 'self-improvement' process that includes modifying code and running tests but provides no concrete connectors, required credentials, or safety gates. Before installing or enabling it: 1) Treat it as potentially high-risk — run it only in an isolated test environment or sandbox. 2) Do not grant it repository, CI, or monitoring credentials with write/deploy scope — instead create narrow, read-only or test-only accounts if needed. 3) Require human approval for any code commits, merges, or deployments (add explicit gating/PR review). 4) Ask the author for provenance and for concrete connector specs (which repos/CI/metrics it needs) and for built-in safeguards (rollback, authorization, audit logs). 5) If you want lower risk, limit the skill to producing repair/optimization suggestions rather than applying changes automatically, or disable autonomous invocation so every action requires your explicit permission.Like a lobster shell, security has layers — review code before you run it.
latestvk977tmhxc9zzpfjapwyr2cf2x580j8qx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.