Verified Capability Evolver
v1.0.5Safely improve agent capabilities with structured verification, rollback, and promotion gating. Enhances existing evolution workflows with optional Settlemen...
⭐ 0· 182·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (verification, gating, rollback) match the included artifacts: reminder hook, error detector, extraction helper, templates and documentation for promoting learnings. The code and docs are proportional to the stated goal of capturing and verifying learnings before promotion.
Instruction Scope
SKILL.md restricts verification to structured task data and warns not to include secrets. The included activator and error-detector scripts only emit reminders and scan a tool-output env var; extract-skill.sh scaffolds files under a relative ./skills directory. Note: the error-detector reads CLAUDE_TOOL_OUTPUT (an env var) even though the skill metadata lists no required env vars — this is a minor mismatch you should be aware of.
Install Mechanism
No network downloads or installers are present. The skill is distributed as files (scripts, hooks, docs) that the user installs or copies into their workspace; that's proportionate for an OpenClaw/OpenClaw-like integration. One metadata inconsistency: registry listed 'instruction-only' but code files and hooks are included — the package is not purely instruction-only.
Credentials
The package requests no credentials or config paths. The only environment access observed is reading CLAUDE_TOOL_OUTPUT in scripts (used to detect command failures) and optional guidance for providing a SettlementWitness agent_id (wallet address form) if that external system is used. These are plausible for the tool's purpose, but CLAUDE_TOOL_OUTPUT was not declared in the registry metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings automatically. Hooks are opt-in and the code injects virtual bootstrap content or writes to workspace-relative paths only when you enable and run the scripts.
Assessment
This skill appears coherent and benign for its stated purpose, but review these before enabling: 1) Inspect scripts (scripts/*.sh) and hook handlers — they only emit reminders and scaffold local files, but confirm you’re comfortable with writes under your workspace (the extract script creates ./skills/<name>). 2) The error-detector reads CLAUDE_TOOL_OUTPUT even though no env vars are declared — ensure your environment exposes that variable as intended and that its contents do not contain sensitive data you’d mind being logged to .learnings/. 3) SettlementWitness is optional but mentions a wallet-based agent_id — do not supply private keys or secrets; follow the SKILL.md guidance to never include secrets in verification data. 4) Enable hooks only intentionally (per references/hooks-setup.md); prefer the minimal activator-only setup if you want lower intrusion. 5) The package metadata claims 'instruction-only' despite including code; if you need a pure docs-only integration, remove or ignore the scripts/hooks. If you want additional assurance, run the scripts in a sandboxed test workspace and verify behavior before enabling them in a real environment.Like a lobster shell, security has layers — review code before you run it.
agentsvk976mt010vehz5fqesdcsfwjbn83m79alatestvk970x3xx55veyw52rk3d79ka3d83vxrxself-improvingvk976mt010vehz5fqesdcsfwjbn83m79averificationvk976mt010vehz5fqesdcsfwjbn83m79a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.