Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Iterative Code Evolution

v1.0.0

Systematically improve code through disciplined analysis, targeted mutations, verification, scoring, and logging to iteratively enhance quality and design.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (iterative code improvement) match the SKILL.md and README. The skill is instruction-only, asks for no env vars or binaries, and only requires read/write access to the project it is run against — which is appropriate for a code-evolution tool.
Instruction Scope
The instructions direct the agent to analyze code, produce targeted changes, run and verify code, and archive variants under a project-local .evolution/ directory. This stays within the stated purpose, but it implies the agent will read and modify repository files and execute project code (tests, runs). That behavior is expected for this skill but carries the usual risk of running untrusted code or storing sensitive data in the log snapshots; the SKILL.md does not explicitly instruct how to handle secrets or what commands to avoid.
Install Mechanism
No install spec and no code files — lowest-risk delivery. README suggests copy/paste into client settings or a local skills folder, which is normal for an instruction-only skill.
Credentials
The skill requests no environment variables, credentials, or external config paths. File-system use is limited to the project (creating .evolution/), which is proportionate to its function.
Persistence & Privilege
The skill is not always-enabled and does not require system-wide changes. It does create persistent project-local artifacts (.evolution/log.json and variant snapshots). This is reasonable but can bloat repositories or accidentally capture sensitive data if snapshots include secrets — the skill does not include explicit guidance to exclude secrets or add .evolution/ to .gitignore.
Assessment
This skill appears coherent and does what it claims: it will read your project, run and edit code, and store iteration logs and snapshots under .evolution/ in the project root. Before installing or running it:
(1) only use in projects you trust or in an isolated/sandboxed environment because the skill will run project code and apply edits;
(2) add .evolution/ to .gitignore and review archived snapshots before committing to source control (snapshots may include secrets or sensitive state);
(3) review the SKILL.md and any suggested commands so you can approve actions before changes are applied;
(4) prefer running the agent on a feature branch or copy of the repo so you can easily revert changes;
(5) if you use CI or automated deploys, ensure the skill’s automatic edits won’t be pushed without review.
If you want higher assurance, run the skill in a disposable container/VM or require manual approval for each mutation.

Like a lobster shell, security has layers — review code before you run it.
