Self Skill Evolver
v0.1.2
Analyze and improve OpenClaw agent skills by tracking usage, checking skill health, scanning code quality, and generating actionable improvement suggestions...
by haidong @harrylabsj
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match its behavior: it reads SKILL.md, package.json and Python files under a skills directory and records usage/health metrics. However, the registry metadata claims "instruction-only" (no install spec) while the package actually contains multiple Python modules and a CLI; that's an inconsistency worth checking. The tool also writes a SQLite DB under the user's home (~/.openclaw/skill-evolver) which is coherent with monitoring functionality but should be noted.
Instruction Scope
SKILL.md and the code instruct the agent to analyze skill directories, parse files, compute scores, and write reports. The analyzer only reads files and uses ast.parse (static parsing) — it does not appear to execute inspected code. It will read arbitrary SKILL.md, package.json and .py files from the configured skills directory (default ~/.openclaw/skills) and store metadata and logs; this is in-scope for the stated purpose.
Install Mechanism
No install spec is provided (instruction-only in registry), so nothing will be fetched automatically by the platform. The repo includes a requirements.txt and package.json indicating Python dependencies (PyYAML, GitPython, etc.); installing manually would require standard Python package installation. No remote download or opaque installer URLs are present in the provided files.
Credentials
The skill does not request environment variables, external credentials, or special binaries. It reads/writes to the user's home directory and SQLite DB, which is proportionate to monitoring and reporting functionality.
Persistence & Privilege
The skill persists data locally (SQLite DB under ~/.openclaw/skill-evolver) and will create directories there. always: false and no elevated privileges are requested. Autonomous invocation is enabled by default (platform default) but is not combined with other concerning flags here. Still, persistence means it will keep logs and reports on disk — be aware of what data may be recorded.
Assessment
This package is broadly coherent with its described purpose (static analysis, monitoring, reporting). Before installing:
1) Inspect the code yourself — there are several code-quality/runtime issues (truncated/buggy functions) that could cause errors; for example, database.models appears to be truncated and references or returns undefined symbols (e.g., add_feedback returns 'c'), and CLI/reporter call methods like get_all_skills and get_feedback_stats which aren't visible in the included model code.
2) Be aware it will read all files under the skills directory (~/.openclaw/skills by default) and store analysis and usage logs in ~/.openclaw/skill-evolver/skill_evolver.db — do not run it if those directories contain secrets you don't want duplicated.
3) If you plan to install, prefer reviewing and running the package in a disposable environment (virtualenv or container), and consider auditing or fixing the apparent bugs (missing functions, inconsistent data handling) before using it in production.
If you want, I can point out the specific locations of the suspicious code snippets and list the functions referenced but missing so you can inspect or patch them.
Like a lobster shell, security has layers — review code before you run it.
