REFINE: The Self-Evolving Agent

v1.0.3

REFINE is an adaptive skill engine for structured session diagnostics. Use this skill when a user explicitly requests: logging error patterns across sessions...

⭐ 0· 133·0 current·0 all-time

by@dttnpole-commits

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dttnpole-commits/refine-agent.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "REFINE: The Self-Evolving Agent" (dttnpole-commits/refine-agent) from ClawHub.
Skill page: https://clawhub.ai/dttnpole-commits/refine-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install refine-agent

ClawHub CLI

Package manager switcher

npx clawhub@latest install refine-agent

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description, SKILL.md, skill.yaml and main.py align: the skill captures sanitized feedback and errors locally and (optionally) runs an offline PRO-mode patch synthesis flow. The only optional secret (SKILLPAY_TOKEN_HASH) and REFINE_MODE map directly to the described PRO mode and are proportionate to the stated purpose.

ℹ

Instruction Scope

SKILL.md and code limit operations to local disk writes (refine_memory.json) and sanitization. The skill can synthesise 'System Prompt Patches' from local analysis — this is consistent with its purpose but is a behavioral risk: any generated patch that an operator or agent applies could change agent behavior. SKILL.md advises activation only on explicit requests, which mitigates scope creep.

✓

Install Mechanism

No install spec; main.py is standard-library-only and skill.yaml lists no external dependencies. No downloads or external package installs are required, which is low-risk and proportional.

✓

Credentials

All environment variables are optional. SKILLPAY_TOKEN_HASH (secret) and REFINE_MODE are justified by the PRO mode offline verification flow. The skill does not require unrelated credentials or broad environment access.

ℹ

Persistence & Privilege

The skill persists sanitized data to a local file (refine_memory.json) and is not marked always:true. That persistence is expected for a diagnostics tool, but users should be aware data is written to the agent's working directory. Also note the skill can produce system-prompt patches (stored locally) — review before applying to agent/system prompts.

Assessment

This skill appears internally consistent: it runs offline, uses only the standard library, and enforces code-level sanitization before writing to refine_memory.json. Before installing or using it, consider: 1) Do not pass raw prompts, secrets, PII, or credentials in the context fields — even though the sanitizer is robust, avoiding sensitive data is best practice. 2) PRO mode requires providing a raw SkillPay token to the skill caller (the example passes it via headers); the skill hashes and compares it offline and does not persist the token, but supplying secrets to any third-party code should be deliberate. 3) The skill synthesises system-prompt patches — ensure any patch is reviewed before being incorporated into your agent's system prompt or applied automatically. 4) The skill writes refine_memory.json to the working directory; confirm that location is acceptable for storing diagnostic metadata. If you want extra assurance, review the complete main.py (especially the PRO/patch synthesis functions) to confirm there are no hidden network calls or automatic patch-application behaviors.

Like a lobster shell, security has layers — review code before you run it.

ai-learningvk970yfxh3kky1n3cgghts39ww183h3mblatestvk970yfxh3kky1n3cgghts39ww183h3mbproductivityvk970yfxh3kky1n3cgghts39ww183h3mbself-improvementvk970yfxh3kky1n3cgghts39ww183h3mb

133downloads

0stars

4versions

Updated 1mo ago

v1.0.3

MIT-0

REFINE — Adaptive Session Diagnostics

A dual-mode skill engine. Captures error patterns and feedback labels locally, then (in PRO mode) synthesises System Prompt Patches from local failure analysis.

All data stays on local disk (refine_memory.json). No network calls are made.

What Gets Stored — Complete List

All caller-supplied data passes through sanitization before reaching disk.

Source	Field	Sanitization applied
`capture_feedback(feedback)`	`feedback`	Truncated to 300 chars
`capture_feedback(context)`	`context`	See Context Sanitization below
`log_error(error)`	`type`	Exception class name only
`log_error(error)`	`message`	First line only, truncated 300 chars
`log_error(context)`	`context`	See Context Sanitization below
Stack traces	—	Never stored
Raw prompts	—	Never stored

Context Sanitization — Enforced by Code

The context dict argument in both capture_feedback() and log_error() is passed through _sanitize_context() before any write. This function:

Blocks sensitive key names — keys matching token, key, secret, password, auth, api_key, bearer, credential, private, seed, hash, pin, ssn, credit, card, cvv → stored as [REDACTED — sensitive key name]
Rejects nested objects — any dict or list value → [REMOVED — nested dict/list not stored]
Truncates strings — all string values capped at 200 chars
Limits keys — maximum 8 keys per context dict
Scalar types only — str, int, float, bool permitted; all other types → [REMOVED — unsupported type]

This is a code-level enforcement — it applies regardless of warnings in documentation. Sensitive data cannot reach the JSON file.

Mode Selection

REFINE_MODE is optional — defaults to BASIC if not set.

`REFINE_MODE`	Platform	Tier	Auth required
`BASIC` (default)	ClawHub	Free	None
`PRO`	SkillPay	Paid	`SKILLPAY_TOKEN_HASH` + header

# BASIC — no configuration needed
python main.py

# PRO — set both variables
export REFINE_MODE=PRO
export SKILLPAY_TOKEN_HASH=$(echo -n "your-token" | sha256sum | cut -d' ' -f1)

BASIC Mode

from main import build_engine

engine = build_engine()

# Safe: short diagnostic labels only
engine.capture_feedback("verbosity-high", context={"prompt_id": "p001"})

# Context is sanitized — api_key below will be stored as [REDACTED]
engine.capture_feedback("test", context={"api_key": "sk-..."})   # → [REDACTED]

try:
    risky_operation()
except Exception as exc:
    engine.log_error(exc, {"endpoint": "/api/v1"})   # context sanitized

history = engine.get_history(limit=10)
engine.close()

PRO Mode

import os
from main import build_engine, SKILLPAY_HDR

token   = your_secret_manager.get("skillpay-token")
headers = {SKILLPAY_HDR: token}

engine = build_engine(auth_headers=headers)

report = engine.evolve()   # analyse local errors → synthesise patch
patch  = engine.get_latest_patch()
if patch:
    next_system_prompt = patch["patch_body"] + "\n\n" + base_system_prompt

engine.close()

Security

Concern	Implementation
Token comparison	`hmac.compare_digest` — stdlib `hmac`, constant-time
Token in logs	Never — 8-char hash prefix only
Token storage	`SKILLPAY_TOKEN_HASH` env var only
Context dicts	Sanitized by `_sanitize_context()` before any disk write
Sensitive keys	Blocked by regex — stored as `[REDACTED]`
Nested objects	Rejected — stored as `[REMOVED]`
String values	Truncated to 200 chars in context, 300 chars elsewhere
Stack traces	Never stored
Network calls	None — fully offline
File writes	Atomic temp-file rename

Environment Variables

All optional:

Variable	Default	Description
`REFINE_MODE`	`BASIC`	`BASIC` or `PRO`
`SKILLPAY_TOKEN_HASH`	(none)	SHA-256 hex of token; PRO only
`LOG_LEVEL`	`INFO`	`DEBUG` / `INFO` / `WARNING` / `ERROR`

Comments

Loading comments...