Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self Evolve
v3.0.0Agent 自主进化引擎——让 AI agent 像生物进化一样持续变强。 核心循环:感知差距 → 搜索方案 → 设计实验 → 跑实验 → 选赢家 → 固化 → 下一轮。 使用场景:定期自主进化、能力升级、工作流优化、skill/工具迭代。 关键词:进化, evolution, self-improve, A/B...
⭐ 1· 1.2k·7 current·8 all-time
by@mikonos
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (self-evolution of the agent) match the instructions: scanning state.json, running experiments, registering winners, and writing evolution reports. However the skill's claimed capabilities include installing/upgrading tools and modifying agent configs/code (AGENTS.md, TOOLS.md, actual codebases). Those are powerful side-effects that are consistent with 'self-evolve' but are not reflected in any manifest permissions or install-time safeguards. The README even suggests running npx clawhub install, but the skill itself contains no install spec — coherent but operationally heavyweight.
Instruction Scope
Runtime instructions explicitly tell the agent to read/write memory/evolve/state.json, append metrics JSONL, execute telemetry_hook 'command' entries (arbitrary shell commands such as 'cat xxx.log | tail -n 20'), search web/GitHub/Reddit for solutions, deploy chosen solutions, and 'physically solidify' changes into AGENTS.md/TOOLS.md or code. Collecting telemetry via arbitrary shell commands and then using results to modify code/configs grants broad file and system access and could be used to read secrets or exfiltrate data. The guidance relies on agent self-discipline ( Anti-Pseudo Constraint, quality checklist ) but there is no technical enforcement.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute; that limits on-disk attack surface. The README's optional npx command is informational only. From an install-mechanism perspective, risk is low because nothing is downloaded or installed by the skill bundle itself.
Credentials
The skill declares no required environment variables or credentials, which superficially is proportional. In practice, the instructions allow running arbitrary shell commands and touching many repo/agent files (memory/evolve, AGENTS.md, TOOLS.md, SOUL.md, logs), and instruct the agent to fetch code/solutions from external sources. Those behaviors can access secrets, tokens, or private files even though no env vars are declared. The manifest therefore understates the level of access the skill expects.
Persistence & Privilege
always is false (good), but the normal autonomous invocation is allowed. Combined with explicit instructions to permanently 'solidify' changes to agent configuration and code, and to register experiments in persistent state files, the skill can change the agent's long-term behavior across restarts. The skill includes human-confirmation rules for high-risk changes in prose, but these are not enforced by the platform — giving a potentially high blast radius if the agent runs autonomously and ignores the guardrails.
What to consider before installing
This skill is coherent with a self-improvement purpose but gives the agent authority to run arbitrary shell commands, read logs and local files, search the web, and modify agent configs and code. Those actions can read secrets or permanently change behavior. Before installing: (1) only run in a sandboxed container or VM, (2) ensure backups/version control for files the skill can change, (3) restrict file permissions so it cannot read sensitive logs/configs, (4) require explicit human approval for any high-risk 'solidify' steps and enforce that outside the skill, and (5) audit any telemetry_hook commands and any external sources the agent is allowed to fetch from. If you cannot enforce those mitigations, treat this skill as unsafe to enable for autonomous runs.Like a lobster shell, security has layers — review code before you run it.
latestvk972eef3zgsr1ybaxvpecd9ngh81ypp7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.