Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self Evolution Cn

v2.0.4

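Multi-agent self-evolution system that automatically records learnings, errors, and feature requests, with support for multi-agent statistics and automatic promotion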

by cheney @cheney87
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (multi‑agent self‑evolution, record learnings/errors, auto‑promote) match the included files: hook handler, scripts to set up shared learning dir, daily review, error detector, activator, and extraction helper. The skill legitimately needs to read/write learning files, manage shared directories and integrate with OpenClaw hooks/cron.
Instruction Scope
SKILL.md and scripts instruct the user to run setup.sh which: copies template files into a shared learning directory, creates/overwrites workspace .learnings directories (symlinks or backups), copies hook files into OpenClaw hooks directory and enables the hook, and installs a daily cron job. Those operations are within scope for a tool that manages shared agent learning, but they are invasive (filesystem changes, crontab edits, hook registration). Review and run these actions manually if you want to inspect their effects first.
Install Mechanism
No automatic installer or remote downloads. This is instruction+script driven: nothing fetches code from arbitrary URLs or uses extract. Risk is limited to what the scripts do locally (copying files, creating symlinks, editing crontab).
Credentials
The package does not declare required env vars in registry metadata, but the code and docs use SHARED_LEARNING_DIR, AGENT_ID and AUTO_PROMOTE_ENABLED. These are reasonable and not secrets. No credentials or external tokens are requested. Verify environment variables and default paths (defaults use /root/.openclaw) before running.
Persistence & Privilege
The skill will (if you run setup.sh) add/replace hooks in OpenClaw's hooks directory, create symlinks/backup or directories under workspaces, and add a cron job to run daily_review.sh. always:false and no automatic network callbacks reduce risk, but these are persistent local changes that require your explicit consent.
Assessment
This skill appears to do what it claims: detect corrections/errors, append entries to LEARNINGS.md/ERRORS.md, aggregate Pattern-Key counts, and (optionally) auto‑promote items to SOUL.md. Before installing:
1) Inspect scripts (setup.sh, daily_review.sh, trigger-daily-review.sh) because they will create/modify ~/.openclaw workspaces, create symlinks, copy template files and add a crontab entry.
2) Note default paths are rooted at /root/.openclaw — change SHARED_LEARNING_DIR/OPENCLAW_DIR environment variables if you don't want writes to /root.
3) The skill enables an OpenClaw hook (it calls openclaw hooks enable) and expects the openclaw CLI; if you don't want automatic hook registration, enable the hook manually after copying files.
4) There are small repository inconsistencies (version numbers and a reference to $SKILL_DIR/.learnings/… in setup.sh that may be a packaging bug) — run in a test environment first.
5) No network exfiltration or secret collection was detected, but because scripts modify local files and crontab, only run them if you trust the source and have backups of your OpenClaw workspaces.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97c461kszzs65j8djjq2b3hs184yeqg
