Revolution Auto-Evolution

Audited by ClawScan on May 10, 2026.

Overview

The skill openly implements autonomous multi-agent task execution, but it can keep running on a schedule and advance work without strong human approval or fail-closed safeguards.

Install only if you intentionally want autonomous agents to work through task files. Start in a sandbox workspace, do not enable cron until you add scope limits and manual approval gates, verify the package source/version, and monitor or disable the scheduler when not actively using it.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Once enabled, the system may continue processing tasks and directing sub-agents without the user approving every step.

Why it was flagged

The setup recommends a recurring coordinator job; combined with the documented sub-agent loop, this can keep autonomous work running beyond a single user action.

Skill content

openclaw cron add --agent <your-agent> ... --every 5m ... --message "Evolution heartbeat: scan and process tasks."

Recommendation

Use this only in a sandbox or tightly scoped workspace, avoid cron until you are comfortable with the behavior, and add clear stop conditions and manual approvals for impactful changes.

What this means

Malformed or unreliable reviewer output can bypass the intended quality gate and move the workflow toward execution.

Why it was flagged

If reviewer output cannot be parsed, the coordinator fails open by approving it and marking the task reviewed instead of stopping for correction.

Skill content

catch (err) { ... review = { verdict: 'approve', feedback: reviewResult, next_instructions: null }; } ... data.status = 'reviewed';

Recommendation

Fail closed on parse errors, keep the task in a pending or error state, and require valid structured review output or human confirmation before execution.

What this means

A task file can cause an agent to make broad local workspace changes according to its goal, with no artifact-backed containment rules.

Why it was flagged

The skill delegates open-ended implementation and verification work to an executor sub-agent without defining command, file, or mutation boundaries.

Skill content

phase=execute → spawn Executor sub-agent ... Executor: Implements one subtask, runs verification

Recommendation

Constrain executor agents to specific directories and safe commands, and require approval for destructive, publishing, credentialed, or production-impacting actions.

What this means

If task files or prior agent outputs contain bad instructions, those instructions can steer later sub-agents.

Why it was flagged

Model-generated review instructions are persisted into task JSON and later reused as executor context.

Skill content

data.review = { ... next_instructions: review.next_instructions || null } ... const instructions = task.review?.next_instructions;

Recommendation

Treat evolution task files as trusted inputs, review stored instructions before execution, and keep the tasks directory access-controlled.

What this means

It is harder to verify that this is the intended package before enabling powerful automation.

Why it was flagged

The package includes runnable scripts, but the registry/provenance metadata does not identify an authoritative source or fully declare runtime setup.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence 3 code file(s)

Recommendation

Verify the publisher, source, skill name, and version, and inspect the included scripts before configuring heartbeat or cron.