Skill Evolve
v1.0.0自进化技能管理器 — 复杂任务后自动将经验固化为 SKILL.md,下次同类任务直接复用
⭐ 0· 65·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (auto-solidify experience into SKILL.md) matches the instructions: all guidance focuses on creating, editing, listing and deleting SKILL.md under ~/.openclaw/workspace/skills. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions explicitly instruct writing, editing, viewing, and deleting files in ~/.openclaw/workspace/skills and reference using `write`/`edit` tools and shell commands (ls, cat, rm -rf). They do not instruct reading arbitrary system files or environment variables, but the examples encourage recording environment-specific details which could lead to persisting secrets or sensitive config data if operators are careless. The use of rm -rf in examples is potentially dangerous if misapplied.
Install Mechanism
No install spec and no code files — lowest-risk, instruction-only skill. Nothing will be downloaded or written by an installer as part of skill installation.
Credentials
The skill requests no env vars or credentials (proportional), but its purpose (recording environment-specific issues) means users or the agent might accidentally write passwords, tokens, or other secrets into SKILL.md files. There is no guidance in the doc to avoid storing secrets or to use a secret store.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes or other skills' credentials. It prescribes creating files within a specific workspace path, which is normal for a skill manager. Note: default autonomous invocation is allowed by platform but is not a specific additional risk here.
Assessment
This skill is coherent and low-risk as delivered, but review these before installing: 1) Confirm the agent's `write`/`edit` tools are sandboxed to ~/.openclaw/workspace/skills and cannot escape to other paths. 2) Do not store passwords, API keys, or other secrets in SKILL.md; add a guideline or filter to redact secrets before saving. 3) Replace or limit examples that use `rm -rf` with safer deletion flows (e.g., prompts, trash, or targeted removal) to avoid accidental data loss. 4) Set restrictive file permissions on the workspace and periodically audit SKILL.md contents for sensitive data. If you cannot verify the agent tools' filesystem boundaries, consider running this skill in a restricted/test agent first.Like a lobster shell, security has layers — review code before you run it.
latestvk975pwpnbfr02aycvy8kfh5vy584mzm0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.