ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto Improver Pro

v1.0.1

Auto-improving AI skill that learns from every execution and continuously optimizes itself. 17-minute autonomous loop with feedback collection and pattern ex...

0· 125·1 current·1 all-time
by@pagoda111king
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to collect execution data from other skills, extract patterns, and 'auto-execute' optimizations, but requests no environment variables, config paths, or binaries and provides no code or install steps that would grant it access to other skills' logs or telemetry. The listed dependency 'skill-evolver' is not supplied. This mismatch (claims vs. required/available artifacts) is unexplained.
!
Instruction Scope
SKILL.md instructs running a 'self-improving-skill' CLI (start, analyze-feedback, status, instincts list) and references local encryption and data collection, yet the package contains no binary or scripts and gives no guidance about where and how to collect other skills' execution data. The instructions implicitly assume access to other skills' runtime data without specifying files, APIs, or permissions.
!
Install Mechanism
There is no install specification (instruction-only skill) and no code files despite package.json referencing src/index.js. The README and SKILL.md mention 'clawhub install' and 'clawhub' metadata, but no install artifact is present. This is inconsistent and suggests the published bundle is incomplete or intentionally missing implementation details.
!
Credentials
No environment variables, credentials, or config paths are declared, yet the skill claims to collect potentially sensitive execution/feedback data and to perform local encryption and desensitization. The lack of declared required permissions or storage locations is disproportionate to the described data collection and makes it unclear how data access or storage would be secured.
Persistence & Privilege
always is false (no forced-permanence). Model invocation is allowed (the platform default), so the skill could be invoked autonomously if enabled by the agent. That normal capability combined with unclear data-access mechanisms increases risk, but there is no evidence the skill demands persistent platform-wide privileges or alters other skills' configs.
Scan Findings in Context
[no_code_files_detected] unexpected: package.json references main: src/index.js and provides start/test scripts, but no src/ files or install artifacts are included. For a CLI-style skill this absence is unexpected and unexplained.
[no_regex_findings] unexpected: Regex scanner found nothing — consistent with an instruction-only bundle, but SKILL.md's runtime commands imply a binary that is not present, so the lack of code makes the absence of findings uninformative.
What to consider before installing
This package is internally inconsistent: it promises a CLI that auto-collects and optimizes other skills but ships no code or install instructions and declares no permissions or storage locations. Before installing, ask the publisher for: (1) the source code or a link to a repository/release, (2) exact install artifacts (binary or package) and how 'clawhub install' obtains them, (3) what data is read (which files, APIs, or logs), where data is stored, and how encryption/desensitization is implemented, and (4) what dependencies like 'skill-evolver' do and whether they are published. Do not enable autonomous invocation in production or grant broad filesystem/API access until you can verify the code and run it in a sandbox. If the author cannot supply code and a reproducible install, treat the skill as incomplete and avoid installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978yhs0z9b5tycyswt6cw1wp984r1a6
125downloads
0stars
2versions
Updated 6d ago
v1.0.1
MIT-0
@pagoda111king
latest
Download

Auto-Improver Pro - 自动改进专家

版本:v1.0.0
定位:L3 进化层 - 自进化 AI 技能引擎
状态:✅ 生产就绪(17 分钟自主循环)

📖 技能说明

Self-Improving Skill 是一款自进化 AI 技能,通过 17 分钟自主执行循环,自动从每次执行中学习、提取模式、持续优化自身。核心价值:让技能越用越聪明,自动捕获用户反馈、识别高效模式、生成优化建议并执行优化。

与 self-improving-agent 的区别

  • ✅ 更快的执行循环(17 分钟 vs 30 分钟)
  • ✅ 更智能的反馈收集(自动 + 手动双模式)
  • ✅ 更强大的模式提取(支持 8 种模式类型)

适用场景

  • ✅ 技能自优化(让技能自动改进)
  • ✅ 用户反馈分析(分析确认/反对反馈)
  • ✅ 模式提取(从历史执行中提取模式)
  • ✅ 性能优化(识别瓶颈并优化)

🎯 使用场景

场景 1:技能自优化

任务:「让 first-principle-analyzer 自动优化」

使用方式

self-improving-skill start \
  --skill="first-principle-analyzer" \
  --mode="auto" \
  --interval="17m"

预期结果

  • 自动收集执行数据
  • 识别 3+ 个高效模式
  • 生成 5+ 条优化建议
  • 自动执行优化

场景 2:用户反馈分析

任务:「分析过去 7 天的用户反馈」

使用方式

self-improving-skill analyze-feedback \
  --skill="skill-name" \
  --period="7d"

预期输出

  • 反馈统计(确认/反对比例)
  • 置信度调整建议
  • 优化优先级排序

💰 定价方案

版本价格功能适用对象
个人版¥199/年基础自进化循环、10 次提取/月个人开发者
商业版¥1999/年个人版 + AI 建议、100 次提取/月、A/B 测试小型团队
企业版¥19999/年商业版 + 无限提取、私有部署、SLA 保障中大型企业

❓ FAQ

Q1: 17 分钟循环如何工作?
A: 观察(5 分钟)→ 检测(3 分钟)→ 提取(5 分钟)→ 聚合(4 分钟)= 17 分钟完整循环。

Q2: 如何保护数据隐私?
A: 所有数据本地加密存储,支持敏感信息自动识别和脱敏。

Q3: 支持多少技能同时优化?
A: 个人版 3 个技能,商业版 10 个技能,企业版无限。

🚀 快速开始

# 安装
clawhub install self-improving-skill

# 启动自进化循环
self-improving-skill start --skill="skill-name" --interval="17m"

# 查看状态
self-improving-skill status

# 查看提取的模式
self-improving-skill instincts list

📊 性能指标

指标数值
循环时间17 分钟
模式识别准确率92%
置信度上限0.95
支持模式类型8 种

🏆 成功案例

客户:某 AI 工具开发者
技能:first-principle-analyzer
结果:识别 5 个优化点,执行后性能提升 40%

文件版本:v1.0.0
创建时间:2026-04-02
上架用户:pagoda111king

Comments

Loading comments...