Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Evolver
v0.3.0
Use this skill when evolving skills and extracting patterns from execution data. Provides automatic feedback collection, AI suggestion generation, impact tra...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The README and SKILL.md describe an event-driven hook system that captures skill calls, stores and encrypts data locally, runs A/B tests, and references runtime code (e.g., './src/event-bus', ReportFactory). However, the package contains no src/ code files. The skill declares no required environment variables or config paths, even though it claims to read execution logs and to perform local encryption and private deployment. Describing a backend that would need platform hooks, storage, or credentials while declaring none of them is incoherent.
Instruction Scope
The SKILL.md header lists the tools ['Read','Write','Bash','Exec'], and the prose instructs the agent to collect past execution data, subscribe to events, and run code examples. It does not say where event streams or logs come from, nor does it ship the referenced implementation. The instructions are high-level and give the agent broad discretion (e.g., 'collect past 7 days feedback', 'auto-create A/B tests'), which could entail reading files, invoking shell commands, or calling external endpoints; none of these actions is constrained or justified in the document.
Install Mechanism
This is instruction-only (no install spec), which is lower risk. However, package.json and many code snippets reference a src/ directory and modules that are not present in the package. That inconsistency points to either incomplete packaging or a missing implementation, and it should be resolved before trusting the skill.
Credentials
The skill requests no environment variables or credentials in the manifest, yet claims capabilities (event hooks, local encrypted storage, private deployment, A/B test traffic control) that normally require platform integration, storage access, or credentials. The declared agent tools (Read/Write/Bash/Exec) also grant file and shell access; the manifest gives no justification for them, and they expand the attack surface.
Persistence & Privilege
always is false (good). The skill may be invoked autonomously (the default), and SKILL.md implies it will subscribe to events and store data locally. That is not inherently invalid, but autonomous invocation combined with the ability to run shell commands and read or write files increases risk when the permissions and data sources are unclear. The skill does not explicitly request the ability to modify other skills or system configuration.
What to consider before installing
This skill looks like a plausible 'meta' tool, but there are red flags you should resolve before installing:
- Ask the author for the missing source code (src/*) that SKILL.md and package.json reference. Without it you can't verify what will run.
- Clarify what event stream/logs the skill will access and how: which platform API, file paths, or hooks? The manifest currently declares no credentials or config paths which is inconsistent with its claims.
- Confirm exactly what the skill will do with Read/Write/Bash/Exec tools. Request a minimal permission list and explicit commands or endpoints. If it needs shell access, prefer running it in an isolated sandbox/container.
- Ask how data is stored/encrypted locally and where keys are kept. If the skill processes sensitive user data, require documented encryption and retention policies (and proof in code).
- Do not grant system-level or cloud credentials until you review the implementation. If possible, run the skill in a test account or sandbox first and monitor file/system/network activity.
If the author cannot provide the missing code or concrete integration details, treat the package as incomplete and do not install it on production systems.
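The first two checks above (do the modules the docs reference actually ship, and which file/shell tools does the manifest declare?) can be run mechanically before the package is ever installed. The script below is an added example written for this review; it is not code from the ClawHub page or from the Skill Evolver package. It assumes SKILL.md begins with a YAML-style front-matter block containing `tools: [...]` and `always: ...` lines, and that the documentation's snippets reference local modules with JavaScript-style `require('./src/...')` or `import ... from './src/...'`. The fixture directory it builds is constructed sample data that mirrors the mismatch the scan describes.

```python
"""Pre-install audit of a skill package directory.

Added example, not the project's own code. Assumptions (labelled as such):
- SKILL.md has front-matter lines `tools: [...]` and `always: <bool>`.
- Doc snippets reference shipped modules via require('./x') / from './x'.
"""
import re
import tempfile
from pathlib import Path

# Relative module paths referenced from code snippets in the docs (assumed JS style).
REF_RE = re.compile(r"""(?:require\(|from)\s*['"](\.{1,2}/[^'"]+)['"]""")
# Front-matter fields (assumed format).
TOOLS_RE = re.compile(r"^tools:\s*\[([^\]]*)\]", re.MULTILINE)
ALWAYS_RE = re.compile(r"^always:\s*(\w+)", re.MULTILINE)
# Tools that grant write, shell or process access and therefore need justification.
SENSITIVE_TOOLS = {"Write", "Bash", "Exec"}
# Ways a bare module reference may resolve on disk.
EXTS = ("", ".js", ".mjs", ".ts", "/index.js", "/index.ts")


def referenced_modules(doc_text: str) -> list[str]:
    """Every distinct relative module path mentioned in the docs' code."""
    return sorted(set(REF_RE.findall(doc_text)))


def declared_tools(skill_md: str) -> list[str]:
    """Tool names from the `tools: [...]` front-matter line, quotes stripped."""
    m = TOOLS_RE.search(skill_md)
    if not m:
        return []
    return [t.strip().strip("'\"") for t in m.group(1).split(",") if t.strip()]


def module_exists(root: Path, ref: str) -> bool:
    """True if the referenced module resolves to a file under the package root."""
    return any((root / (ref + ext)).is_file() for ext in EXTS)


def audit(root: Path) -> dict:
    """Compare what the docs promise against what the package actually ships."""
    docs = ""
    for name in ("SKILL.md", "README.md"):
        p = root / name
        if p.is_file():
            docs += p.read_text() + "\n"
    skill_md = (root / "SKILL.md").read_text() if (root / "SKILL.md").is_file() else ""
    refs = referenced_modules(docs)
    tools = declared_tools(skill_md)
    always = ALWAYS_RE.search(skill_md)
    missing = [r for r in refs if not module_exists(root, r)]
    findings = []
    if missing:
        findings.append("referenced modules not shipped: " + ", ".join(missing))
    risky = sorted(SENSITIVE_TOOLS & set(tools))
    if risky:
        findings.append("file/shell tools declared without justification check: " + ", ".join(risky))
    if always and always.group(1).lower() == "true":
        findings.append("always: true (skill is loaded on every turn)")
    return {"referenced": refs, "missing": missing, "tools": tools, "findings": findings}


# Constructed sample SKILL.md modelled on the scan's description; not the real file.
SKILL_MD = """---
name: skill-evolver
tools: ['Read', 'Write', 'Bash', 'Exec']
always: false
---
# Skill Evolver

const { EventBus } = require('./src/event-bus');
const { ReportFactory } = require('./src/report-factory');
"""


def build_fixture(ship_src: bool) -> Path:
    """Write the constructed package to a temp dir, with or without src/."""
    root = Path(tempfile.mkdtemp())
    (root / "SKILL.md").write_text(SKILL_MD)
    if ship_src:
        (root / "src").mkdir()
        (root / "src" / "event-bus.js").write_text("module.exports = {};\n")
        (root / "src" / "report-factory.js").write_text("module.exports = {};\n")
    return root


def demo(ship_src: bool = False) -> dict:
    """Audit the constructed fixture; ship_src=False reproduces the flagged state."""
    return audit(build_fixture(ship_src))


if __name__ == "__main__":
    for finding in demo()["findings"]:
        print("FINDING:", finding)
```

Point the `audit` function at an unpacked skill directory instead of the fixture to run it against a real package. A non-empty `missing` list is the same "docs reference code that is not there" condition the scan raises; the tools finding is a prompt to ask the author which commands and paths each sensitive tool is actually needed for, not a verdict on its own.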
Latest version: vk972g2ckq2w855d8vp47hcwvfn8404rd