Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
QClaw Self-Evolver
v1.0.1AI Agent 自我进化引擎。基于 OpenSpace + HermesAgent 理念,实现技能质量监控、学习记录自动处理、工作流模式提炼、自动创建新技能。触发场景: (1) 用户说「升级/完善/优化」相关 → 触发技能自进化 (2) 用户想了解「还记得什么/搜一下记忆」→ 触发语义记忆搜索 (3) 用户想「...
⭐ 0· 43·0 current·0 all-time
by理想菇@qshan1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (self‑evolver for agent learning and generating skills) matches the included scripts and runtime actions: creating a workspace .learnings/, recording corrections, measuring skill metrics, running SEA (Sense/Assess/Evolve), and generating skill candidates. No unrelated env vars or external services are required.
Instruction Scope
SKILL.md and the scripts instruct the agent to create and write files under the workspace (LEARNINGS.md, ERRORS.md, pending.md, skill_metrics.json, skills/...), register a cron job (via openclaw.cron if available), and auto-generate SKILL.md files for new skills. These behaviors are consistent with the stated functionality but do grant the skill write access to a persistent workspace and the ability to create new skill descriptors automatically — review generated skills before trusting them.
Install Mechanism
No network downloads or package installs; code is included in the skill bundle and the install script copies local files into ~/.qclaw/workspace. This is a low-risk install mechanism (local file writes only).
Credentials
No credentials or sensitive environment variables are requested. The only environment usage is an optional QW_WORKSPACE path override (defaults to ~/.qclaw/workspace). No attempts to read system-wide config or secrets were detected.
Persistence & Privilege
The skill registers a recurring task (cron every 3 days) and writes persistent files to the user's workspace. always:true is not set. Persistent presence via cron and on-disk artifacts is expected for this functionality but increases persistence and should be considered before installation.
Assessment
This skill appears internally consistent and performs only local operations (no networking or credential access). Before installing: (1) back up any existing ~/.qclaw/workspace data you care about; (2) inspect the generated files under ~/.qclaw/workspace/.learnings and ~/.qclaw/workspace/skills to confirm generated SKILL.md contents are safe before using them as active skills; (3) if you don't want automatic cron tasks, skip the cron registration step or register manually; (4) consider running the scripts in a sandboxed environment first. If you need higher assurance, request code signatures or a trusted upstream source for this skill package.Like a lobster shell, security has layers — review code before you run it.
latestvk97cd8hn4p7a0qexavzmtmg1qn84rr6elearningvk977w9pqfan6c9q1hj14mj6w9184rn0nqclawvk977w9pqfan6c9q1hj14mj6w9184rn0nself-evolutionvk977w9pqfan6c9q1hj14mj6w9184rn0n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.