ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Evolution v3

v1.0.0

Use when users ask to evolve/upgrade OpenClaw agents into coordinator mode, apply Gene Locking to IDENTITY.md and AGENTS.md, package this evolution as reusab...

0· 89·0 current·0 all-time
by@jacurtwong

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jacurtwong/openclaw-evolution-v3.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenClaw Evolution v3" (jacurtwong/openclaw-evolution-v3) from ClawHub.
Skill page: https://clawhub.ai/jacurtwong/openclaw-evolution-v3
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-evolution-v3

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-evolution-v3
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included reference files all align: the package is a blueprint for upgrading OpenClaw agents to 'coordinator' mode and for applying the Gene Locking SOP to IDENTITY.md and AGENTS.md. The instructions and templates within the references directly support that purpose (reading guides, producing explicit edits, staged rollout, rollback).
!
Instruction Scope
SKILL.md and the guides instruct the agent to read repo files (e.g., src/*, IDENTITY.md, AGENTS.md), run git/status checks, run tests/type-checks, and — notably — capture a 'system snapshot' that includes environment variables. The skill metadata declares no environment variables, but the runtime guidance explicitly expects the agent to read environment variables and the filesystem. That grants the agent broad read access (potentially including secrets) unless the execution environment or operator limits it. The skill also instructs writing templates into IDENTITY.md/AGENTS.md (expected for the purpose) but does not constrain or require human approval before making those persistent edits.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed. That minimizes the risk of arbitrary code being written to disk or downloaded during install.
!
Credentials
requires.env is empty (no credentials requested), yet the guidance expects capturing environment variables and repository state. Accessing environment variables can expose secrets (API keys, tokens) that are unrelated to the stated high-level purpose if the agent is allowed to read them indiscriminately. The skill also asks to modify core policy files (IDENTITY.md, AGENTS.md), which is proportionate to its goal but should be gated by approvals and run in a sandbox/branch — the instructions recommend this, but the metadata does not enforce it.
Persistence & Privilege
The skill is not always: true and does not request persistent installation or elevated platform-wide privileges. It instructs making changes to config files in the repo (expected for an evolution SOP), but it explicitly frames the repo as a blueprint and recommends staged rollout, feature flags, and rollback points. There is no evidence it modifies other skills or system-wide agent settings beyond workspace files.
Scan Findings in Context
[no-findings] expected: The regex-based scanner found nothing to analyze; this is an instruction-only skill so static code scans had no code to evaluate. The lack of findings is not proof of safety — the SKILL.md itself contains actionable instructions that must be reviewed before use.
What to consider before installing
This skill is a coherent blueprint for evolving OpenClaw agents, but it instructs the agent to read repo state and environment variables and to write policy files — actions that can expose secrets or introduce persistent policy changes if performed automatically. Before installing or running this skill: 1) Run it only in a safe test branch or sandbox workspace (never directly on production). 2) Require human approval before applying any automated edits to IDENTITY.md or AGENTS.md. 3) Review the exact templates in SOP_GENE_LOCKING.md and verify they match your security policy. 4) Ensure the agent/process is prevented from reading sensitive environment variables (or explicitly whitelist which env vars are allowed). 5) Back up/ tag the repo state and prepare a rollback plan as recommended. If you want higher assurance, ask the skill author for an explicit statement about which environment variables the skill will read and for an optional 'dry-run' mode that outputs proposed edits without applying them.

Like a lobster shell, security has layers — review code before you run it.

latestvk9787b9q2nxmby71sjstdyqch984pb80
89downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@jacurtwong
latest
Download

OpenClaw Evolution v3 Skill

Purpose

Standardize safe upgrades from executor-style behavior to coordinator-style behavior.

When to use

Use this skill when the user asks to:

  • Upgrade agent orchestration (Mandatory Synthesis / Parallel-Serial partition / Proof verification)
  • Apply or review SOP_GENE_LOCKING.md
  • Turn evolution docs into reusable templates/skills
  • Judge whether a public evolution repo can be used directly by other users

Mandatory safety posture

  1. Treat evolution content as blueprint, not one-click installer.
  2. Require compatibility checks before any mutation.
  3. Enforce staged rollout + rollback readiness.
  4. Never bypass existing permission pipeline.

Execution workflow

  1. Preflight
    • Read references/COMPATIBILITY.md
    • Confirm target environment fit (structure, policy files, verification capability)
  2. Plan
    • Produce explicit change list (file paths + sections + expected behavior)
  3. Apply minimally
    • Prefer small slices; avoid broad rewrites
  4. Verify as proof
    • Run checks/tests/smoke after each slice
  5. Finalize
    • Summarize what changed, what was verified, and rollback point

Source references in this skill

  • references/COMPATIBILITY.md
  • references/SOP_GENE_LOCKING.md
  • references/EVOLUTION_GUIDE_EN.md
  • references/EVOLUTION_GUIDE_CN.md
  • references/README_REPO_EN.md
  • references/README_REPO_CN.md

Output contract

When asked to execute an evolution:

  • Provide: scope, risks, exact edits, validation commands, rollback plan
  • Avoid: one-shot invasive surgery across unrelated modules

Comments

Loading comments...