Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RSI Loop v2 — AVO-Inspired Agent Self-Improvement
v2.0.0Recursive Self-Improvement (RSI) loop for EvoClaw agents. Provides a structured observe→analyze→synthesize→deploy pipeline that enables agents to detect thei...
⭐ 0· 59·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (an RSI loop for EvoClaw agents) matches the included code and instructions: observer→analyzer→synthesizer→deployer. The ability to scaffold skills, update SOUL.md/AGENTS.md, and run discovery on routing components is consistent with a self-improvement tool. However the skill includes actions that reach beyond its own directory (templates/implementation that run other skills' scripts and target files across the workspace), which is powerful but also wider than a small, focused helper. That breadth is plausible for an RSI tool but worth conscious acceptance.
Instruction Scope
SKILL.md instructs running multiple scripts that read/write data/JSONL in skills/rsi-loop/data and that call or instruct running other skills (e.g., skills/intelligent-router scripts, spawn_helper, tiered-memory scripts). The codebase includes a Lineage store that creates/writes memory/rsi-lineage.jsonl and methods that rewrite lineage files (update_outcome). Several 'implementation' templates explicitly tell the agent to run commands that will modify files across the repo. SKILL.md does not declare or warn about needing repository-level write access, nor does it enumerate external endpoints/credentials required by those downstream scripts. This gives the agent broad discretion to inspect and change files outside its own directory during auto-deploy cycles.
Install Mechanism
No install spec is present (instruction-only install), which reduces risk of arbitrary remote code downloads. However, the skill ships many Python scripts (21 code files) that will be executed locally; because there is no explicit install step, those files will simply run from the agent runtime when invoked. That is expected for an instruction+script skill, but users should treat the included code as executable payload that will run on the host.
Credentials
The registry metadata declares no required env vars or credentials, but internal policies and code reference environment-driven behavior (e.g., mutation-selection mentions EVOLVE_STRATEGY, cron examples reference models and MQTT integration) and implementation templates will likely rely on existing platform credentials (model provider keys, MQTT or ClawChain access). The skill requests no secrets up front yet contains functionality that may trigger use of other credentials present on the agent. Also, several data/proposals include absolute filesystem paths observed from prior runs — suggesting the code performs workspace scanning. This mismatch (no declared env/config needs vs. code that depends on broader environment/context) is a red flag for misplaced assumptions.
Persistence & Privilege
always:false (not force-included) and model invocation is allowed (normal). The skill persists append-only and derived files under skills/rsi-loop/memory and data; LineageStore makes directories and writes JSONL. The skill is allowed to auto-deploy proposals (CLI flags for auto-approve thresholds), which means it can autonomously make code/config changes within blast-radius rules. That autonomous modify capability combined with repository-level file access increases blast radius, but the skill includes an IMMUTABLE_CORE list intended to require human approval for certain files. Importantly, there's an inconsistency: IMMUTABLE_CORE lists AGENTS.md and SOUL.md (protected), while some Genes' allowed_paths (and proposals) explicitly target AGENTS.md for auto-application — this contradiction needs manual verification (either Genes would be blocked by the immutable policy or the policy is not enforced).
What to consider before installing
What to check before installing/using this skill:
- Review deployer.py, synthesizer.py, and any 'apply_gene' logic. Confirm how the code enforces blast_radius and IMMUTABLE_CORE (is AGENTS.md / SOUL.md actually blocked at runtime?).
- Expect the skill to write files under skills/rsi-loop/data/ and skills/rsi-loop/memory/ (append-only lineage & events). If you need to keep an audit trail, review those artifacts; if not, run in a disposable environment first.
- The skill can execute scripts in other skill directories (e.g., skills/intelligent-router/*). Decide whether you want an automated process that can run those commands or change those files — if not, restrict filesystem permissions or run the skill in a sandbox/container.
- The code refers to an EVOLVE_STRATEGY env var and other platform integrations (MQTT, model provider names) but declares none; if you plan to enable auto-deploy, make explicit policies and environment variables you trust. Consider setting auto-approve thresholds to 0 (no auto-approve) until you’ve audited behavior.
- Because this skill can autonomously modify repo files and run cross-skill commands, treat it like a privileged operator: test in a safe sandbox, inspect tests and the deploy path, and require human-in-the-loop approval for any change touching production files.
If you want, I can scan specific files (deployer.py, synthesizer.py, openclaw_shim.py) for the exact enforcement logic and list the places where it reads/writes files or invokes external commands.Like a lobster shell, security has layers — review code before you run it.
latestvk9778wc2z6wnsv0t8cny9baqm983nsby
License
MIT-0
Free to use, modify, and redistribute. No attribution required.