ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zhua Evolver

v1.0.0

爪爪专属自我进化系统 —— 自动分析能力差距、搜索补强技能、执行进化循环、记录进化日志。Use when 爪爪需要自我进化、能力提升、技能补强、或达到更高智能水平。

0· 176·0 current·0 all-time
by@beipian261

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for beipian261/zhua-evolver.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Zhua Evolver" (beipian261/zhua-evolver) from ClawHub.
Skill page: https://clawhub.ai/beipian261/zhua-evolver
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install zhua-evolver

ClawHub CLI

Package manager switcher

npx clawhub@latest install zhua-evolver
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README/description says the skill will "search skillhub" and "automatically install and configure new skills." However the package contains no install spec, no declared credentials, and the SKILL.md references scripts (scripts/search_skills.py, scripts/install_skills.py, scripts/log_evolution.py) that are not present in the file manifest. The actual scripts included are mostly local analysis and reporting tools (analyze_gap.py, orchestrate_minions.py, checks) which do not perform searching or installation. The declared purpose (automated discovery + install) is therefore not matched by the provided implementation.
!
Instruction Scope
SKILL.md instructs running several scripts including ones that would search and install skills, but those scripts are missing. The scripts that do exist are benign-looking local utilities (gap analysis, orchestrate prints, status checks) and do not access environment variables, external endpoints, or system configuration. Because the instructions imply network actions and modifications (installing skills) while the code does not implement them, the instructions and code are inconsistent — this is scope creep / incomplete implementation.
Install Mechanism
There is no install specification (instruction-only skill). That lowers risk from automatic downloads/execution. The lack of an install mechanism is consistent with the fact that included scripts are local utilities. However, it also means the promised automatic installation capability has no implementation here.
Credentials
The skill declares no required environment variables, no primary credential, and no required config paths. The bundled scripts do not read secrets or configuration files. The absence of credentials is proportionate to the actual code present. That said, the stated goal (installing/configuring other skills) would normally require credentials or network access; their absence is another sign of mismatch rather than overprivilege.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system modifications. The provided scripts do not write to other skills' configs or system-wide settings. No elevated privileges are requested in the manifest. This dimension shows no unexplained privilege escalation.
What to consider before installing
Do not run this skill as-is if you expect it to auto-discover and install other skills — the manifest and SKILL.md promise network/search/install behavior but the actual package lacks the referenced search/install/log scripts. If you want to use it: (1) ask the author for the missing scripts (search_skills.py, install_skills.py, log_evolution.py) and for a clear description of any network endpoints and credentials those scripts require; (2) review any returned scripts before executing them (look for network calls, subprocess exec, downloads, and credential access); (3) run untrusted code in a sandboxed environment first; (4) if you need automatic installation of other skills, prefer an implementation that documents which registry/API it uses and why it needs any credentials. The current mismatch could be harmless placeholder content, but it could also hide later additions that perform network or credentialed actions—treat as incomplete and verify before enabling autonomous use.

Like a lobster shell, security has layers — review code before you run it.

agentvk97dq0mf5em6m2qxattv2nb3md833c60evolutionvk97dq0mf5em6m2qxattv2nb3md833c60latestvk97dq0mf5em6m2qxattv2nb3md833c60self-improvementvk97dq0mf5em6m2qxattv2nb3md833c60
176downloads
0stars
1versions
Updated 21h ago
v1.0.0
MIT-0
@beipian261
agentevolutionlatestself-improvement
Download

爪爪进化器 (Zhua Evolver)

爪爪的专属自我进化系统,让爪爪能够自动分析自身能力差距,搜索并安装补强技能,执行进化循环,记录进化日志。

核心能力

  1. 差距分析 - 对比当前能力与目标水平,识别短板
  2. 技能搜索 - 在skillhub搜索补强技能
  3. 自动安装 - 安装并配置新技能
  4. 进化记录 - 记录每次进化的过程与成果
  5. 小弟调度 - 调度6个小弟协同进化

使用场景

  • 当爪爪需要达到更高智能水平时
  • 当发现能力短板需要补强时
  • 当陛下要求进化到特定水平时
  • 当需要自动持续进化时

工作流程

1. 差距分析

python3 scripts/analyze_gap.py --current <当前技能数> --target <目标水平>

2. 技能搜索

python3 scripts/search_skills.py --keywords <关键词> --limit 10

3. 自动安装

python3 scripts/install_skills.py --skills <技能列表>

4. 进化记录

python3 scripts/log_evolution.py --cycle <周期号> --changes <变更描述>

5. 小弟调度

python3 scripts/orchestrate_minions.py --task <任务描述>

小弟分工

小弟进化职责
探爪搜索新技能、调研技术趋势
码爪编写进化脚本、自动化工具
魂爪更新SOUL.md、身份进化
话爪记录进化日志、对外宣传
守爪监控进化安全、防止回滚
影爪生成进化可视化、头像更新

进化指标

  • 技能数量
  • 能力覆盖率
  • 执行成功率
  • 进化速度
  • 小弟协同效率

参考文档

  • references/evolution_patterns.md - 进化模式参考
  • references/skill_evaluation.md - 技能评估标准

Comments

Loading comments...