ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evoagentx

v1.0.1

EvoAgentX - Self-evolving AI agents framework integration

0· 734·0 current·0 all-time
byIvan Cetta@nantes

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for nantes/evoagentx.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Evoagentx" (nantes/evoagentx) from ClawHub.
Skill page: https://clawhub.ai/nantes/evoagentx
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3.12
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install evoagentx

ClawHub CLI

Package manager switcher

npx clawhub@latest install evoagentx
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md claims to integrate with EvoAgentX and even lists a pip package and a Windows python_path, but the registry metadata shows no install spec and there are no code files. The instructions rely on a PowerShell script (evoagentx.ps1) that is not included — this mismatch (claiming to install/run something but not providing the installer or clear install steps) is incoherent. The hard-coded Windows python path is user-specific and may not apply to other environments.
!
Instruction Scope
Runtime instructions tell the agent/user to run .\evoagentx.ps1 -Action <...> and to set $env:OPENAI_API_KEY, but no such script is present and the skill registry did not declare any required environment variables. The instructions also refer to installing/checking the framework without giving the actual commands or safe provenance for any downloads — leaving the agent/user to run unspecified install steps.
Install Mechanism
There is no install specification in the registry; the SKILL.md's embedded metadata references a pip dependency (evoagentx) but provides no automated install step. That makes installation ambiguous: the skill expects Python 3.12 and a package but does not instruct how or from where the package will be installed. Lack of an explicit, verifiable install mechanism is a risk and a coherence issue, though not proof of malicious intent.
!
Credentials
The visible instructions require an OpenAI API key (and mention other providers) but the skill's declared required env vars list is empty. Requesting API keys without declaring them in the registry and without describing minimal needed scopes is disproportionate. The skill could require additional model provider keys (Claude, DeepSeek, Qwen) but gives no guidance on which are mandatory.
Persistence & Privilege
The skill does not request persistent privileges (always is false) and does not declare changes to other skills or system-wide settings. It does, however, reference a user-specific python path; this is odd but not a privilege escalation.
What to consider before installing
Do not run the commands in SKILL.md or set API keys globally until you confirm provenance. Specific actions to take before installing: 1) Ask the publisher for the missing files (evoagentx.ps1 or a clear install script) and a trustworthy source for the 'evoagentx' pip package (PyPI link or GitHub release). 2) Verify the GitHub/org site and that the pip package matches the repo and is maintained. 3) Never paste your OpenAI (or other) secret into a file or command you haven't verified — prefer injecting keys into a controlled environment (a dedicated virtualenv/VM or ephemeral container) and use least-privilege API keys. 4) If you must test, do so in an isolated sandbox or VM and inspect any scripts before running. Providing an explicit install spec, included scripts, and declared env vars would raise confidence; absence of those items is why this skill is flagged as suspicious.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧬 Clawdis
Binspython3.12
latestvk978tecytyj5j6gbks6n78vjvs81nr7a
734downloads
0stars
2versions
Updated 7h ago
v1.0.1
MIT-0
Ivan Cetta@nantes
latest
Download

EvoAgentX Skill

Integration with EvoAgentX framework for self-evolving AI agents.

⚠️ Important: Python Version

This skill uses Python 3.12 (not default Python)

  • Path: C:\Users\z\AppData\Local\Programs\Python\Python312\python.exe

What it does

  • Install - Install EvoAgentX framework
  • Status - Check EvoAgentX installation and API keys
  • Docs - Open documentation links
  • Run - Run an EvoAgentX workflow

Installation

# Check status first
.\evoagentx.ps1 -Action status

# Install (if needed)
.\evoagentx.ps1 -Action install

Usage

Check Status

.\evoagentx.ps1 -Action status

Install

.\evoagentx.ps1 -Action install

Open Documentation

.\evoagentx.ps1 -Action docs

Requirements

  • Python 3.12 (already installed)
  • evoagentx package (already installed!)
  • OpenAI API key (or Claude, DeepSeek, etc)

Setup

  1. Set API key: 
    $env:OPENAI_API_KEY = "sk-..."
  2. Run: .\evoagentx.ps1 -Action run -Goal "your goal"

What is EvoAgentX?

EvoAgentX is a framework for building self-evolving AI agents:

  • Auto-constructs workflows from goals
  • Self-evolution based on feedback
  • Multi-model support (OpenAI, Claude, DeepSeek, Qwen)
  • Memory (short-term + long-term)
  • Human-in-the-loop

Links:

License

MIT

Comments

Loading comments...