Skill Evolver

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent and purpose-aligned, but it can install, audit, invoke, and create persistent skills, so users should approve those lifecycle changes carefully.

This skill appears safe to install from the provided artifacts, but use it deliberately: approve any registry skill installation, verify sources before global npm/npx or clawhub actions, review generated deletion commands before running them, and audit any newly created or fused skills before future use.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

Installing remote skills or global CLIs can add new code and agent capabilities to your environment.

Why it was flagged

The workflow may install global CLI tooling and remote registry skills. This is central to the skill’s lifecycle-manager purpose, but it introduces normal third-party package and registry trust risk.

Skill content

npm i -g clawhub ... npx skills add <slug> -g -y ... clawhub install <slug>

Recommendation

Only install skills and CLIs from sources you trust, review the selected slug/source before approving, and prefer pinned or verified sources when available.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the generated removal command is copied or run without review, it could delete more than intended if the path is wrong.

Why it was flagged

On a rejected audit, the script writes a recursive deletion command into the report. It does not execute the command itself, and removing a rejected skill is purpose-aligned, but the path should be checked before anyone runs it.

Skill content

f"rm -rf {skill_path}"

Recommendation

Before running any generated removal command, confirm the path is exactly the intended skill directory and not a parent, home, or system directory.

ASI10: Rogue Agents
Medium
What this means

A newly created skill can persist beyond the current task and influence future agent behavior.

Why it was flagged

The workflow can materialize a successful workflow into a new persistent skill. The artifact includes a user decision checkpoint, making this disclosed and purpose-aligned.

Skill content

A: Yes, create a new skill (invoke `skill-creator`)

Recommendation

Create or fuse a skill only after confirming the scope, then inspect and audit the generated skill before relying on it.

ASI06: Memory and Context Poisoning
Low
What this means

Sensitive details from the task could remain in local output files after the session.

Why it was flagged

The workflow writes task intent, candidate analysis, inspection notes, and orchestration plans to local files. This is expected for repeatable workflow management, but those files may contain sensitive task context.

Skill content

output `${OUTPUT_DIR}/01-intent.md` ... `${OUTPUT_DIR}/03-inspection.md` ... `${OUTPUT_DIR}/04-orchestration.md`

Recommendation

Avoid placing secrets in task descriptions and clean up the output directory when the workflow artifacts are no longer needed.

ASI09: Human-Agent Trust Exploitation
Low
What this means

A skill that passes the regex audit could still have risks not covered by the scanner.

Why it was flagged

The audit gate is based on pattern scanning in scripts/audit_skill.py. That is useful as a first pass, but a pass should not be treated as a complete security guarantee.

Skill content

PASS: No high-risk patterns → Skill ready to use

Recommendation

Treat the automated audit as a screening step and still review unfamiliar skills, especially before installing or invoking them.