AI自动进化工程,结合self-improvement技巧+实际运行总结而成
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a local self-improvement journal with optional reminder hooks; the main thing to watch is that it persists notes that may influence future sessions.
This appears safe for users who want a local learning log for their agent. Before installing, decide whether .learnings should be private or shared, review any lessons before promoting them into agent memory files, and only enable the optional hooks if you are comfortable with the provided scripts running in your agent environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future agent behavior may be influenced by whatever gets written into the learning files.
The skill intentionally creates persistent local learning records and uses them in later sessions. This is aligned with the self-improvement purpose, but persisted notes can contain sensitive project context or mistaken instructions.
将经验与错误记录到 `.learnings/` 目录,形成持续改进闭环。高价值经验沉淀到项目记忆。
Review .learnings regularly, avoid storing secrets, and consider ignoring private learning files in git unless the team explicitly wants to share them.
A bad or overly broad promoted lesson could affect future work across sessions or agents.
The skill may promote lessons into files that guide future agents. That is disclosed and purpose-aligned, but these files can become persistent instructions if inaccurate or overbroad content is added.
可广泛复用的经验 | 提升到 `CLAUDE.md` / `AGENTS.md` ... 工作流/工具/行为类 | 提升到 `AGENTS.md` / `TOOLS.md` / `SOUL.md`
Require human review before promoting lessons into CLAUDE.md, AGENTS.md, SOUL.md, or TOOLS.md, especially for workflow or behavior rules.
If enabled, these scripts run with the same local permissions as the agent environment.
The optional hook setup runs local shell scripts on prompt submission or after Bash tool use. The provided scripts appear limited to counting local learning entries, scanning hook output for error strings, and printing reminders.
"UserPromptSubmit" ... "command": "./skills/ai-self-evolution/scripts/activator.sh" ... "PostToolUse" ... "command": "./skills/ai-self-evolution/scripts/error-detector.sh"
Enable hooks only after reviewing the scripts, prefer project-level configuration over global hooks if you want tighter scope, and disable them if the reminders are too intrusive.
Learning notes or task context could be shared with other sessions or sub-agents when those tools are used.
The OpenClaw integration guide documents cross-session history, messaging, and sub-agent spawning. This is not automatic in the included code, but it can move context between sessions if used.
sessions_history(sessionKey="session-id", limit=50) ... sessions_send(sessionKey="session-id", message="Learning: API requires X-Custom-Header") ... sessions_spawn(task="Research X and report back", label="research")
Avoid sending secrets through session messages, confirm the target session, and use sub-agents only for tasks where sharing the relevant context is acceptable.
There is slightly less assurance about package provenance and exact version consistency.
The package-internal metadata differs from the supplied registry metadata, which lists a different owner ID and version 1.0.1. The registry also lists the source as unknown. This is a provenance/packaging note, not evidence of malicious runtime behavior.
"ownerId": "kn70cjr952qdec1nx70zs6wefn7ynq2t", "slug": "ai-self-evolution", "version": "1.0.0"
Verify that the registry listing, publisher, and installed files match what you expect before enabling optional hooks.