Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Continuous Evolution
v1.0.1持续进化系统 - 每次任务后记录经验、分析原因、归档到经验库,实现持续自我改进。
⭐ 0· 181·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (continuous experience logging and improvement) matches the presence of a script that records experiences, analyzes gaps, and updates an assessment. However the script expects and writes to /root/.openclaw/workspace (tasks, memory, skills) and can create P1 tasks in a queue. Those filesystem and task-queue accesses are not declared in the skill metadata and are higher-privilege than a simple 'logger' would need.
Instruction Scope
SKILL.md documents manual and automatic triggers and shows CLI examples (/evolve log, /evolve review) but provides no install to create that command. The actual evolve.sh records experiences, analyzes gaps, updates JSON, and writes tasks into TASKS_DIR/queue — this extends beyond passive logging into modifying agent task queues and scheduling. The SKILL.md also claims automated triggers after every task; the instructions are vague about how that hook is installed or authorized.
Install Mechanism
There is no install spec despite shipping executable code (evolve.sh). That mismatch means authors left it to the integrator to place/enable the script (e.g., creating /evolve or cron hooks). The lack of an install step that would document how the script is wired into the agent is a gap and increases risk because automatic execution is implied but not explained.
Credentials
The skill declares no required env vars or config paths but the script hard-codes and writes to /root/.openclaw/workspace paths. It also creates JSON tasks in a queue directory and writes logs and assessment files. Those are significant privileges not represented in metadata. The script uses utilities (jq, bc, awk) without declaring them; failure modes aside, writing into the agent workspace and task queue is disproportionate unless explicitly justified.
Persistence & Privilege
always:false and user-invocable:true (normal), but the code's ability to generate high-priority evolution tasks in the TASKS_DIR queue gives it an effective mechanism to persist influence by scheduling future work for the agent. That capability represents elevated privilege (modify task queue) and is not documented in skill metadata or SKILL.md hookup instructions.
What to consider before installing
This skill contains a real shell script (evolve.sh) that writes into /root/.openclaw/workspace (experience logs, gap files, capability JSON) and can create P1 JSON tasks in a tasks/queue directory. Before installing or enabling it, verify: 1) whether your agent environment exposes the /root/.openclaw workspace and whether allowing a skill to write there is acceptable; 2) who will install and wire the script into the runtime (there is no install spec or /evolve installer); 3) restrict permissions (run in a sandbox or non-root workspace) and review/modify the script so it uses an explicit, agreed-upon path instead of hard-coded root paths; 4) confirm you want a skill that can create tasks in the agent queue (this can cause the agent to execute follow-up work); and 5) ensure required binaries (jq, bc, awk) exist or update the script to avoid undeclared dependencies. If you can't validate these points, do not enable the skill or only run it manually in an isolated environment after code review.Like a lobster shell, security has layers — review code before you run it.
latestvk9784fdx7t8755pc6j4xv420vh83hn58
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔄 Clawdis