Nova Skill Evolution Tracker — Skill Evolution Tracking System
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is not overtly malicious, but it asks for recurring autonomous monitoring and notifications while the visible code can mark sources as checked without actually checking them.
Install only if you are comfortable with it inspecting tracked skill files and maintaining persistent reports. Before use, disable any automatic schedule and external notifications unless you explicitly configure them, require approval for every skill change, and verify the monitor actually fetches and analyzes sources before trusting its update status.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may believe expert sources were checked and no updates were found even when no real check occurred.
The monitor marks each URL as checked and records a last_check date, while the visible check_single_skill function does not fetch or analyze those URLs. This conflicts with the skill's stated monitoring purpose and can mislead users into trusting stale results.
results["sources_checked"].append({ "url": url, "status": "checked", "update_found": False })
...
versions["skills"][skill_id]["last_check"] = datetime.now().isoformat()[:10]
Do not mark sources as checked unless the script actually retrieves and analyzes them; label stub or report-only behavior clearly.
The agent could be encouraged to run periodic background monitoring without clear user control.
The skill instructs recurring automatic execution across all tracked skills, but the artifacts do not define opt-in scheduling, stop controls, or runtime boundaries.
Runs automatically on the 1st of every month: python3 /workspace/skills/skill-evolution-tracker/scripts/skill_monitor.py --all
Require explicit user opt-in for any schedule, document how to disable it, and avoid autonomous recurring runs by default.
Information about installed skills and update reports could be sent outside the user's workspace or to the wrong recipient.
The skill describes sending generated reports through Enterprise WeChat to a named person, but no destination, credential, consent, or data-boundary configuration is declared.
After the monthly check completes: → generate report → notify Eric via Enterprise WeChat
Make notifications disabled by default, require user-selected recipients, declare any required credentials, and ask before sending reports externally.
A skill may be changed automatically without the user reviewing exactly what changed.
The skill's update policy allows automatic patch updates without approval. Even small SKILL.md changes can alter future agent behavior, and the artifacts do not define diff review, rollback, or scope limits.
patch (patch version): → text corrections / formatting adjustments → automatic update (no approval required, but logged)
Require explicit approval for all skill file changes, show diffs before writing, and provide rollback instructions.
A malicious or noisy source page could skew the generated update recommendation.
The diff prompt places retrieved source content directly into an LLM prompt. Public web/social content is untrusted and could contain instructions that influence the analysis unless explicitly delimited and ignored as instructions.
## Latest source content:
{new_content[:3000]}
## Analysis task:
Please output in JSON format
Treat source text as untrusted data, add explicit prompt-injection defenses, and validate JSON output before using it.
