Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evolution Toolkit

v1.0.0

Provides portable tools for agent self-improvement including session handoffs, reasoning style measurement, contradiction scanning, prediction logging, playb...

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (self‑improvement, handoffs, contradiction scanning, prediction logging, optimizer, Socratic mode) aligns with the included scripts and protocols. The repository contains CLI Node scripts that operate on a workspace with memory/, imprints/, prediction logs, etc., which is expected for this purpose.
Instruction Scope
SKILL.md instructs the operator to set EVOLUTION_TOOLKIT_WORKSPACE and to run scripts that read and write files under that workspace. That scope is appropriate, but the scripts also fall back to a default path (HOME/.openclaw/workspace or cwd) if the env var is not set. That means the code can read from and (when writing) modify files in a default location in your home directory if you forget to set the workspace. Review and run in an isolated directory first. Scripts perform broad text scanning of many workspace files (AGENTS.md, EVOLUTION.md, memory/*.md) which is expected, but be aware they will read your workspace content.
Install Mechanism
No remote installer or downloads; code files are bundled with the skill. There is no install spec that fetches arbitrary archives or runs networked installers. This lowers supply‑chain risk, assuming you trust the provided JavaScript source. Still review the code you intend to run (particularly skill-optimizer.js, which could call external APIs).
Credentials
Registry metadata lists no required env vars, but the SKILL.md/README and config.example reference EVOLUTION_TOOLKIT_WORKSPACE and the README/config note that skill-optimizer may look for GEMINI_API_KEY / GOOGLE_API_KEY or workspace .secrets. The code uses process.env.EVOLUTION_TOOLKIT_WORKSPACE and falls back to HOME/.openclaw/workspace. This mismatch (no declared required envs but optional API keys and .secrets access) is an unexplained gap: if you run the optimizer without checking, it may attempt network calls using an API key found in your environment or workspace .secrets. Treat API keys as optional but potentially required by some scripts and audit skill-optimizer.js before providing keys.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide config. Its write actions are confined to the user-designated workspace (memory/, memory/research/, imprints/). Scripts check for write access and exit if the workspace is not writable. Autonomous invocation is allowed by default (normal for skills) and not combined here with elevated persistence.
What to consider before installing
This package looks like what it says: a set of local Node scripts that read and write an agent 'workspace' to support handoffs, fingerprinting, contradiction scanning, prediction logs, and a playbook optimizer. Before you install/run it:

  1) Do not run it in your real home directory—set EVOLUTION_TOOLKIT_WORKSPACE to an isolated, writable directory (e.g., a temp or sandbox workspace) so the tools only read the files you intend.
  2) Inspect scripts/skill-optimizer.js (and any other network‑related files) for outbound calls and exactly which env vars they use; if you don't want external APIs called, do not provide GEMINI_API_KEY/GOOGLE_API_KEY and run the optimizer in offline mode or skip it.
  3) If you have sensitive secrets in your workspace (a .secrets file, API keys, tokens), move them or ensure the toolkit is pointed at a non-sensitive workspace; README mentions the optimizer may search workspace .secrets.
  4) Run the read‑only scanning commands first (e.g., contradiction-scanner --json or fingerprinting with --json if available) to confirm behavior before allowing any write commands.
  5) If you need a higher assurance, run the tools inside a container or VM and perform a code review focusing on any network calls or child_process/exec usage (not present in shown files but may appear in omitted scripts).

Like a lobster shell, security has layers — review code before you run it.

latestvk97dv1fky75smsbxxhgrrkg93h83gje2
75 downloads
0 stars
1 version
Updated 3w ago
v1.0.0
MIT-0

Evolution Toolkit

Skill by Ergo | 2026-03-24 | Portable toolkit for agent self-improvement across workspaces

Status: ✅ Verified

How to use: Set EVOLUTION_TOOLKIT_WORKSPACE to the target workspace, then run the script that matches the cognitive task. Load protocols/session-continuity.md or protocols/thinking-partner.md when the task is about handoffs or problem framing.

Triggers

Use this skill when the request is about any of these:

  • Session end, handoff, continuity, preserving context between runs
  • "How am I reasoning?" or "compare these sessions/documents"
  • Contradictions, drift, conflicting instructions, stale guidance
  • Prediction logging, confidence calibration, decision audits
  • Improving a prompt/playbook through repeated eval loops
  • Switching into Socratic questioning instead of direct advice
  • Cross-session consistency, identity drift, recurring themes

Workspace

Export a writable workspace before running any script that writes state:

export EVOLUTION_TOOLKIT_WORKSPACE=/path/to/workspace

Expected layout:

  • memory/
  • memory/imprints/ for session imprints
  • memory/research/ for coherence reports
  • CURRENT.md if you want session-imprint context
  • memory/prediction-log.md if you want prediction logging

Scripts

scripts/session-imprint.js

  • Interactive session-end handoff.
  • Use --read, --list, or --diff to inspect existing imprints.

scripts/cognitive-fingerprint.js

  • Measures reasoning style across 14 dimensions.
  • Useful for one file, today's log, all imprints, or historical comparisons.

scripts/contradiction-scanner.js

  • Scans guidance files in the workspace for conflicting directives, stale references, and drift.

scripts/predict.js

  • Logs predictions and audits calibration.
  • Requires memory/prediction-log.md with ## Log and ## Calibration sections.

scripts/skill-optimizer.js

  • Runs an iterative generate -> evaluate -> improve loop for a configurable playbook.
  • Requires a config file; see config.example.json.

scripts/socratic-mode.js

  • Classifies a problem into thinking phase and outputs friction-injecting questions.

scripts/session-coherence.js

  • Analyzes daily logs for persistent themes, energy, and drift.
  • Writes a report to memory/research/ by default.

Quick Commands

node scripts/session-imprint.js
node scripts/cognitive-fingerprint.js --daily
node scripts/contradiction-scanner.js --verbose
node scripts/predict.js add
node scripts/socratic-mode.js "Should I launch now or keep polishing?"
node scripts/session-coherence.js --days 14 --portrait
node scripts/skill-optimizer.js --config ./config.json --skill customer-support --iterations 3

Protocols

Read these only when relevant:

  • protocols/session-continuity.md: how to end and resume sessions cleanly
  • protocols/thinking-partner.md: how to add useful friction instead of reflexive answers

Notes

  • Write-capable scripts exit early with a clear warning if the target workspace is not writable.
  • skill-optimizer.js is intentionally config-driven so the package stays product-neutral.
  • The toolkit does not ship credentials. API keys must come from env vars or your own workspace secrets.
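
One way to carry out the pre-run checks that the scan report and the notes above point to, as an added example that is not part of the skill or its documentation: it builds the documented workspace layout in a throwaway directory and lists every line under a scripts directory that mentions the API-key variables, `.secrets`, the `.openclaw` fallback path, or generic Node network/exec indicators. The helper names, the generic patterns and the two sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the skill's code): pre-run checks for the toolkit.

# Strings named on this page, plus generic Node network/exec indicators
# (the URL, fetch and require patterns are assumptions, not from the skill).
AUDIT_PATTERN='GEMINI_API_KEY|GOOGLE_API_KEY|\.secrets|\.openclaw|child_process|https?://|fetch\(|require\(.https?.\)'

# make_workspace DIR: build the documented layout in an isolated directory.
make_workspace() {
  mkdir -p "$1/memory/imprints" "$1/memory/research"
  printf '## Log\n\n## Calibration\n' > "$1/memory/prediction-log.md"
}

# audit_scripts DIR: print file:line:text for every hit in *.js under DIR.
audit_scripts() {
  find "$1" -type f -name '*.js' \
    -exec grep -nE "$AUDIT_PATTERN" /dev/null {} + || true
}

# count_flagged_files DIR: number of *.js files with at least one hit.
count_flagged_files() {
  find "$1" -type f -name '*.js' \
    -exec grep -lE "$AUDIT_PATTERN" {} + | wc -l | tr -d ' '
}

# --- Constructed sample input: two stand-in scripts, not the skill's files ---
DEMO=$(mktemp -d)
mkdir -p "$DEMO/scripts"
cat > "$DEMO/scripts/optimizer-sample.js" <<'EOF'
const key = process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY;
const ws = process.env.EVOLUTION_TOOLKIT_WORKSPACE ||
  require("path").join(require("os").homedir(), ".openclaw", "workspace");
EOF
cat > "$DEMO/scripts/scanner-sample.js" <<'EOF'
const fs = require("fs");
console.log(fs.readdirSync(process.argv[2] || "."));
EOF

make_workspace "$DEMO/ws"
export EVOLUTION_TOOLKIT_WORKSPACE="$DEMO/ws"   # isolated, never the real home
audit_scripts "$DEMO/scripts"
echo "flagged files: $(count_flagged_files "$DEMO/scripts")"
```

Point `audit_scripts` at the skill's own `scripts/` directory before running any of its commands; an empty result only means none of these strings appear, so it narrows a code review rather than replacing one.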
