ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

马斯克进化系统

v1.0.0

统一进化系统,自动化技能发现、评估、安装、进化。当用户需要技能管理、系统进化、能力评估、技能搜索安装时使用此技能。支持ClawHub技能搜索、VFM评估、自动安装、每日进化流程。

0· 38·0 current·0 all-time
by@skillforge-jojo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md claims search across ClawHub/GitHub/SkillHub and automatic install/evolution flows, but the package declares no required binaries, no env vars, and no install spec. The included Python file does not implement network search or installer integrations — it only manages local records and tests and contains a hardcoded Windows workspace path (C:/Users/USER/.qclaw/workspace/evolution). Expectation mismatch: a skill that auto-discovers and installs other skills would normally list required CLIs, network access, or credentials; those are absent.
!
Instruction Scope
The runtime instructions direct the agent to perform broad actions: search multiple platforms, evaluate by VFM, and automatically install skills (examples show 'clawhub install' and 'skillhub install'), plus daily scheduled tasks that fetch and install code. These steps can cause the agent to download and execute arbitrary third‑party code. The SKILL.md also references writing logs (evolution/REFLECTION.md) and functions like install_or_create without limitations or safety checks. The instructions grant broad discretion to pull external artifacts without declaring safeguards.
Install Mechanism
There is no install spec (instruction-only install) so the skill itself doesn't drop installers during package install — this is lower static install risk. However, the SKILL.md explicitly instructs using external installers/CLIs (clawhub/skillhub) which are not declared as required binaries. That omission is an incoherence: the skill expects external tools but does not list them, and those tools would download/execute third‑party code.
Credentials
The skill requests no environment variables or credentials (good), but the code hardcodes a Windows user path and the instructions imply access to system state and possible network/private repos. Automatic installation of skills from GitHub or other hubs may require tokens for private content — none are declared. The lack of declared credentials combined with instructions to perform network installs is an incompleteness to be clarified.
Persistence & Privilege
always:false (default) and autonomous invocation is allowed (platform default). While that alone is not a showstopper, the skill's intended behavior (daily scheduled discovery and automatic installs) combined with autonomous invocation increases potential impact: if allowed to run unattended it could fetch and install external code repeatedly. The skill does not declare modifying other skills' configs explicitly, but the install flow implies it may.
What to consider before installing
This skill is 'suspicious' because its documentation promises automated discovery and installation of third‑party skills but the package doesn't declare the CLIs, credentials, or platform access needed and the shipped code doesn't implement the claimed integrations. Before installing or enabling it, consider: - Verify the source and trustworthiness of the skill (homepage and author are missing). - Do not enable fully autonomous operation until you understand exactly what installers it will call and what code those installers will fetch. Prefer manual approval for each install. - Ensure required CLIs (clawhub, skillhub) exist and are trusted; ask the author to list required binaries and permissions. - Inspect any skill the system would install (review code) before permitting execution; test in a sandbox environment. - Ask the author to remove hardcoded filesystem paths and to clarify where logs and artifacts will be written. - If you must use it, restrict its network and filesystem permissions and avoid granting credentials for private repos unless absolutely necessary. If the author can provide (a) an implementation that actually integrates with the listed platforms, (b) an explicit list of required CLIs/permissions, and (c) safety controls for auto‑install (e.g., allowlist, signature checks, manual approval), reassess — that could move this from 'suspicious' toward 'benign'.

Like a lobster shell, security has layers — review code before you run it.

latestvk97117g7wqtgfs43yb3t0p3wtx84q13c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments