Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Evolution Watcher
v0.6.2 · Automatically monitors and compares installed plugin versions, generates upgrade reports, and supports intelligent evolution decisions based on a star-shaped memory architecture.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw · Suspicious · high confidence
Purpose & Capability
Name/description (monitoring and upgrade reporting) mostly aligns with the code (monitor.py, diff_analyzer, report files). However, SKILL.md repeatedly asserts 'read-only' (只读) and 'zero automatic upgrades' (零自动升级), while the bundle includes adapter_auto_fix, fix templates, and logic to generate/apply fix proposals and upgrade scripts, which are capabilities beyond pure read-only monitoring. Generating and applying code fixes to adapters is plausible for an upgrade assistant but is a broader capability than the high-level description emphasizes.
Instruction Scope
SKILL.md instructs running python scripts that call ClawHub CLI ('clawhub list', 'clawhub inspect'), and the code (diff_analyzer) will clone GitHub repos, run git commands, and analyze diffs. The README emphasizes sandboxing and user authorization for apply, but instructions are inconsistent about what is automated vs manual. The runtime instructions don't explicitly mention network cloning or potential modification of adapter files, which the code is designed to do (including producing apply_command and backups).
Install Mechanism
No install spec is provided (instruction-only). All code is included in the skill bundle; there are no external install downloads in the manifest. Risk stems from the code's runtime behavior (git cloning, subprocess calls), not from any installer fetching remote binaries.
Credentials
The skill declares no required env vars, yet config/monitor_sources.json contains a github.token field (empty) and the DiffAnalyzer accepts an optional GitHub token. The skill can interact with ClawHub CLI and local plugin directories (/root/.openclaw/workspace/skills) and may read .git/config from plugin dirs. Not requesting creds is reasonable for public-repo monitoring, but if you enable GitHub support or private repos you may need to supply a token — which grants access to repo content. The skill can also be configured to send notifications (webhook_url) in config, which could be used to transmit data if misconfigured.
Persistence & Privilege
The skill is not 'always:true' and is user-invocable, but it contains code to generate and (with authorization) apply fixes to adapter files across the workspace (scopes include '**/*_adapter.py', etc.). That means it can modify other skills' code (potentially persistent and privileged changes) if used to apply patches. SKILL.md claims apply happens only after user confirmation, but the artifact includes tools to write/checkout/patch code and to generate upgrade scripts, a powerful capability that warrants caution.
What to consider before installing
This skill mostly does what it says (monitor plugins and produce upgrade reports) but includes powerful code-modification features (adapter_auto_fix, diff analysis, upgrade script generation). Before installing or running it:
1) Do not run it on production; follow its own warning and test in an isolated environment or VM.
2) Inspect adapter_auto_fix and any 'apply' code paths to ensure no unexpected automatic writes; keep DRY_RUN enabled and require explicit confirmation before any apply.
3) If enabling GitHub monitoring, supply a minimal-scope token only if needed and understand it allows repo access; prefer public repos where possible.
4) Ensure ClawHub CLI and git subprocesses run with least privilege (avoid running as root).
5) Back up workspace/skills before allowing any repairs, and review generated upgrade/patch scripts (cat upgrade_script.sh) before execution.
6) Consider disabling notifications/webhook_url or verifying endpoints to avoid accidental data exfiltration.
If you want me to, I can point to the exact places in the code where repo cloning, file modifications, and apply commands are prepared so you can review them line-by-line.
latest · vk9746jrgjeacwfksk4ek6sf7j5838z26
