ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Auto Evolver

v0.1.1

Analyze and improve OpenClaw agent skills by tracking usage, checking skill health, scanning code quality, and generating actionable improvement suggestions....

0· 247·4 current·4 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (analyzer/monitor/reporter for skills) aligns with the included code: it inspects SKILL.md, package.json and Python code, records usage, and generates reports. However the registry/manifest states 'No install spec — instruction-only' while the package includes code, package.json, requirements.txt and a CLI; that mismatch is an inconsistency. The README and SKILL.md suggest installation via 'clawhub install', but no install spec exists in the registry metadata.
Instruction Scope
Runtime instructions and the CLI drive local analysis: reading skill directories (defaults to ~/.openclaw/skills), parsing SKILL.md, package.json and Python source, and writing reports/databases under the user home (~/.openclaw/skill-evolver). Those actions are expected for this tool. Caveat: because it reads arbitrary files under the skills directory, it can access any accidentally stored secrets or configuration present in other skills; the behavior is coherent with the stated purpose but may expose sensitive data if skills store credentials in their repos.
!
Install Mechanism
There is no install spec in the registry but the bundle includes code, requirements.txt, and package.json. That absence of an explicit install mechanism is inconsistent and increases risk (user guidance suggests 'clawhub install' or pip install -r requirements.txt). The presence of package.json (a Node metadata file) in a Python project is odd but not malicious by itself. No network downloads or external installers are present in the provided code.
Credentials
The skill requests no environment variables or external credentials. It stores data locally under the user's home (~/.openclaw/skill-evolver) and reads from ~/.openclaw/skills by default. No access to unrelated cloud credentials, tokens, or system-wide config paths is requested.
Persistence & Privilege
always is false and the skill does not request elevated privileges; it persists a SQLite DB in the user's home directory (expected for a monitoring/reporting tool). Autonomous invocation is allowed by default (normal), but there is no evidence of modifications to other skills' configs or system-wide changes.
What to consider before installing
This package appears to implement the advertised analyzer/monitor/reporter functionality, but I found multiple red flags you should consider before installing: - Source verification: the package's source/homepage is 'unknown' and the registry listed it as instruction-only while the bundle contains code. Prefer installing only from a trusted repository (official OpenClaw repo or a verified release). - Local data access: the tool reads all files under the skills directory (default ~/.openclaw/skills) and writes a SQLite DB to ~/.openclaw/skill-evolver/skill_evolver.db. That is expected for this tool, but any sensitive data accidentally stored inside a skill (API keys, tokens, credentials) could be read and stored in the DB. Inspect your skills for secrets before running a bulk analysis. - Code quality bugs: there are clear implementation issues (examples: truncated/buggy return in database.add_feedback returning an undefined variable 'c'; some function calls in CLI/reporter reference methods like get_all_skills or get_feedback_stats that are not visible in the truncated model and may be missing or buggy). These likely lead to runtime errors. Treat the tool as experimental until you run it in a safe environment. - Installation and execution: because the registry lacks an install spec, prefer installing into a virtualenv, container, or isolated machine. Install dependencies (pip install -r requirements.txt) only after reviewing the code locally. - Mitigations: run the CLI with a non-default skills_dir pointing to a copy of the skills you want to test, inspect the generated DB file, and avoid running as root. If you intend to use it widely, request the upstream source, check commit history, and run tests in a sandbox. If you can provide the canonical source URL (GitHub repo or release tarball) and confirm whether all referenced DB and helper methods are implemented, I can raise or lower the risk assessment. In particular, evidence of networking code, undisclosed external endpoints, or hidden credential access would increase the severity.

Like a lobster shell, security has layers — review code before you run it.

latestvk9730hrkdn7d21vnb2cem9ax3s82twbw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments