Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self-Evolution Cognition

v1.1.0

Core self-evolution cognition framework: an Agent self-evolution operating system based on the five laws of SOUL

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md and README claim a runnable Python class (SelfEvolutionCognition) that persists memory files, performs redline checks, and exposes methods like evolve() and inject_human_feedback(). However, the package contains only markdown files (no .py or executable code). That is inconsistent: either the implementation is missing from the bundle or the documentation is misleading.
! Instruction Scope
The instructions and verification protocol call for running shell/python commands (e.g., grep on skills/*.py, python import of SelfEvolutionCognition, asserting presence of VERIFICATION_LOG.md) and expect the skill to write/read files like VERIFICATION_LOG.md and known_unknown_cache.json. Because no code is included, these runtime instructions are not backed by any implementation, and they could lead an agent or user to execute commands that act on disk with no bundled implementation to audit.
Install Mechanism
No install spec or code is included—this lowers supply-chain risk in that nothing will be automatically downloaded/installed by the skill itself. However, the README suggests using 'clawhub install' or copying a skills directory; those steps assume a codebase exists elsewhere (e.g., GitHub). The absence of an install artifact means the documentation is incomplete or the implementation resides off-bundle and must be fetched—this fetch step is not specified and would be higher-risk if performed automatically.
Credentials
The skill declares no required environment variables, binaries, or credentials. That is proportionate to the documentation. Nevertheless, the skill expects to read/write files in the user's workspace and run local verification commands, so filesystem access is required in practice even if not declared as env/config requirements.
Persistence & Privilege
The design explicitly requires persistent file writes (VERIFICATION_LOG.md, known_unknown_cache.json, heartbeat logs). That persistence is coherent with the 'file as memory' claim but is a material security/privacy consideration: persistent files can contain sensitive intermediate reasoning and may be read by other processes. The skill does not request elevated platform privileges (always:false), but it does assume the ability to write into the workspace.
What to consider before installing
This bundle contains only documentation describing a Python skill that will write persistent files and run verification shell/python commands, but it does not include the implementation code. Do not run the suggested grep/python commands or copy/install code from unknown sources until you verify the real implementation repository. Before installing or running anything:
1) Inspect the GitHub repo linked in the homepage (confirm it actually contains the SelfEvolutionCognition .py files and review them).
2) If you must test, do so in an isolated sandbox/container and monitor file writes and network activity.
3) Audit any code that writes VERIFICATION_LOG.md, known_unknown_cache.json, or similar for sensitive data leakage and for safe handling of shell commands (ensure no use of unsanitized shell.exec).
4) Prefer a release with actual code included in the skill bundle or a clearly specified, trustworthy install source (GitHub releases) rather than only docs.
If you want, provide the linked repository contents and I can re-evaluate the implementation for coherence and risk.
