Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Auto Evolution (Hybrid Mode)
v2.0.0
Multi-agent auto-evolution system with hybrid mode: orchestrate review-execute-audit loops with 4 roles (Coordinator, Reviewer, Executor, Auditor). Supports...
by Jaden's built a claw (@cjboy007)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's name/description (multi-agent orchestration with Coordinator/Reviewer/Executor/Auditor) aligns with the included scripts, which implement heartbeat, monitor, reviewer starter, packer, and task creation. However, there are manifest/version mismatches (SKILL.md v0.7.0 vs registry 2.0.0 vs package.json 0.5.7) and README install instructions that reference an external GitHub repo; these inconsistencies reduce confidence in provenance but do not by themselves contradict the claimed purpose.
Instruction Scope
Scripts read and write many workspace files and can delete/move task files (pack-skill deletes tasks after archiving) and remove lock files (monitor). create-task.js writes tasks relative to the skill directory (path.join(__dirname,'../tasks')), while heartbeat/monitor/pack-skill resolve TASKS_DIR from OPENCLAW_WORKSPACE or defaults under ~/.openclaw/... — this inconsistent TASKS_DIR handling can cause tasks to be created in one location and processed (or not) in another. start-reviewer.js includes a child_process execSync import and pseudocode describing sessions_spawn but does not implement secure spawning; reviewers are expected to run as sub-agents, but the integration is manual and underspecified. Overall, the runtime instructions and scripts have broad discretion to modify the user's workspace and perform destructive actions (unlink), which is proportional to packaging tasks but should be made explicit to users.
Install Mechanism
No install spec and no external downloads; all behavior is from included scripts (Node.js). That lowers supply-chain concern — nothing is fetched from unknown URLs during install. However, running the scripts will perform filesystem changes.
Credentials
The registry metadata declares no required environment variables or credentials, and SKILL.md documents optional env vars (OPENCLAW_WORKSPACE, EVOLUTION_TASKS_DIR, EVOLUTION_SKILLS_DIR, EVOLUTION_ARCHIVE_DIR). This is reasonable, but the scripts rely on these vars (or defaults) to determine filesystem targets — the absence of explicit required env vars in metadata is acceptable but users should be aware the scripts will operate on paths derived from these variables (and defaults under ~/.openclaw). No network credentials are requested by the skill files.
Persistence & Privilege
The always flag is false and model invocation is allowed (normal). However, pack-skill.js will move completed tasks into an archive and will reference and potentially write into the user's SKILLS_DIR (e.g., update skill directories). Monitor scripts will remove lock files and reset task states. These behaviors modify the user's workspace and can delete/move files; combined with autonomous use (the agent can spawn scripts via heartbeat/cron), this elevates the practical privilege and warrants running in an isolated/test workspace first.
Scan Findings in Context
[child_process_execSync] expected: start-reviewer.js requires child_process.execSync (imported at top). Using child_process is plausible for orchestration, but the script does not actually show safe use of execSync — it prints a pseudocode sessions_spawn flow instead. Presence of execSync is expected but should be reviewed; unused or poorly handled execution could be dangerous if later modified to run arbitrary commands.
[fs_read_write_unlink] expected: Multiple scripts perform extensive filesystem operations (read/write JSON task files, unlink task files and lock files, create archive entries, move files). This is expected for a task orchestration/packaging tool, but the destructive operations (fs.unlinkSync) mean you should not run these scripts against a production workspace without backups or isolation.
What to consider before installing
This skill implements a multi-agent orchestration system and will read, write, move, and delete files in your OpenClaw workspace (tasks, locks, archive, skills). Before installing or running:
1) Run it in an isolated test workspace (set OPENCLAW_WORKSPACE to a disposable directory) to observe behavior.
2) Inspect and test create-task, heartbeat-coordinator, monitor, pack-skill, and start-reviewer in isolation; note that pack-skill deletes task files after archiving.
3) Fix or align TASKS_DIR resolution if you expect tasks in a single location (create-task uses a __dirname-relative path while the other scripts use WORKSPACE-derived paths).
4) Remove or review any use of child_process.execSync and ensure the sessions_spawn integration is implemented safely (avoid executing untrusted strings).
5) Back up any existing tasks/skills before the first run, and prefer running with least privilege and in an isolated agent/session.
If you need higher assurance, ask the author for provenance (homepage/repo) and a unified versioned release.
