ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Lifecycle

Manage the lifecycle of autonomous agents and their skills. Version configurations, plan upgrades, track retirement, and maintain change history across agent...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 681 · 4 current installs · 4 all-time installs
byArcSelf@Trypto1019
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description promises comprehensive lifecycle tracking (environment vars, model assignments, feature flags, 'last used'). The included script only scans ~/.openclaw/skills and workspace/skills for SKILL.md, gathers basic metadata (name, path, file count, size, last modified) and writes snapshots/history to ~/.openclaw/lifecycle. Several claimed capabilities (capturing environment variable values, model assignments, last-used timestamps, feature-flag state) are not implemented — this is a substantive mismatch between stated purpose and actual capability.
Instruction Scope
Runtime instructions tell the user to run the included Python script with snapshot/diff/list/rollback/retire/history commands. The script reads the user's home directory (~/.openclaw/skills and workspace), SKILL.md files, and computes file sizes/counts; it writes JSON snapshots and logs to ~/.openclaw/lifecycle. There are no network calls or attempts to read arbitrary system files or environment variables. It does access user home and skill files (expected for this purpose), so scope is mostly appropriate, but the SKILL.md text over-promises data it will collect.
Install Mechanism
No install spec; instruction-only with a bundled Python script. Required binary is python3, which is reasonable. Nothing is downloaded or extracted from external URLs.
Credentials
No environment variables or credentials are requested. The script does not read environment variables or external secrets. It only reads files under standard per-user OpenClaw paths and writes snapshots to ~/.openclaw/lifecycle, which is proportional to lifecycle management.
Persistence & Privilege
The skill is not always: true and is user-invocable. It writes only to ~/.openclaw/lifecycle and does not modify other skills or system-wide settings. It does not persist across agents beyond its own snapshot files.
What to consider before installing
This package provides a small Python tool that scans your per-user OpenClaw skill directories and writes JSON snapshots to ~/.openclaw/lifecycle. It does not request credentials or make network calls. However, the SKILL.md claims it records environment variables, model assignments, 'last used' timestamps, and feature flags — the included script does not implement those features. Before installing or relying on it: (1) Inspect the saved JSON snapshots in ~/.openclaw/lifecycle to confirm they only contain the metadata you expect (paths, file counts, sizes, SKILL.md frontmatter). (2) If you need the additional tracking (env vars, model assignments), ask the maintainer for clarification or an updated implementation. (3) Consider file permissions on ~/.openclaw/lifecycle because snapshots contain file paths and metadata that could be sensitive if shared. (4) If you expect automated/autonomous invocation, note this skill can be invoked by the agent (disable-model-invocation is false) — that’s normal but increases blast radius if the skill were later modified to collect more data. If you want a higher-assurance verdict, provide the developer/source identity or an updated script that actually implements the claimed tracking so I can re-evaluate.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9799586vj5esh1ezzp8t4x7pn8199q7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSmacOS · Linux
Binspython3

SKILL.md

Agent Lifecycle Manager

Track your agent's evolution from deployment to retirement. Version configurations, plan skill upgrades, and maintain a complete change history.

Why This Exists

Agents evolve constantly — new skills installed, old ones retired, configurations changed, models swapped. Without lifecycle tracking, you cannot answer: "What was my agent running last Tuesday?" or "What changed when things broke?"

Commands

Snapshot current agent state

python3 {baseDir}/scripts/lifecycle.py snapshot --name "pre-upgrade"

Compare two snapshots

python3 {baseDir}/scripts/lifecycle.py diff --from "pre-upgrade" --to "post-upgrade"

List all snapshots

python3 {baseDir}/scripts/lifecycle.py list

Rollback to a snapshot

python3 {baseDir}/scripts/lifecycle.py rollback --to "pre-upgrade" --dry-run

Track a skill retirement

python3 {baseDir}/scripts/lifecycle.py retire --skill old-skill --reason "Replaced by new-skill v2"

View change history

python3 {baseDir}/scripts/lifecycle.py history --limit 20

What It Tracks

  • Installed skills: Name, version, install date, last used
  • Configuration state: Environment vars, model assignments, feature flags
  • Change events: Installs, updates, removals, config changes
  • Retirement log: Why skills were removed, what replaced them
  • Snapshots: Point-in-time captures of full agent state

Data Storage

Lifecycle data is stored in ~/.openclaw/lifecycle/ as JSON files.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…