Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self Evolution Pro
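v1.0.0 Enhanced self-evolution skill that integrates automatic skill extraction, root-cause analysis, a knowledge graph, cross-session sync, and an automatic promotion mechanism. Trigger phrases: '总结这个经验' ("summarize this experience"), '保存为技能' ("save as a skill"), '自我进化' ("self-evolve"), '学习这个' ("learn this"), '记录教训' ("record the lesson"). Compared with the original self-improving-agent, it adds automatic extraction, multi-dimensional analysis, and evolution tracking.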
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (self-improvement, skill extraction, cross-session sync) aligns with what the SKILL.md and scripts do: creating a ~/.openclaw/workspace, storing learnings, detecting recurrence, extracting skills and optionally publishing them. The behavior requested (read session history, create skills, schedule reviews) matches the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read and write local files under ~/.openclaw/workspace, access other sessions via sessions_list/sessions_history/sessions_send/sessions_spawn, schedule cron jobs via cron_add, and run included scripts (extract.sh, review.sh). Those actions go beyond passive note-taking: they allow automated cross-session reading, spawning background subagents, and automated publishing. The spec also encourages automatic extraction/publishing when recurrence thresholds are met, which could cause sensitive conversation content to be promoted or shared without explicit user approval.
Install Mechanism
No install spec is declared (instruction-only), which is lower risk, but three executable shell scripts are bundled and intended to be run. The scripts create files under the user's home directory and call external CLI commands (clawhub). Because code is present, running these scripts writes to disk and can trigger network activity (clawhub publish). There is no external download or obfuscated installer, but presence of runnable scripts increases runtime risk vs. pure-documentation skills.
Credentials
The skill declares no required environment variables or primary credential, yet the extract script can call `clawhub publish` and SKILL.md shows use of sessions_* and cron_add platform APIs. Publishing to ClawHub or using platform session APIs typically requires authenticated credentials or platform capabilities; the skill does not declare or justify credential needs. More importantly, automatic extraction/publishing could expose sensitive conversation content or secrets recorded in .learnings to an external registry. The number and sensitivity of accessible data sources (local workspace files and other sessions) is high relative to the simple description.
Persistence & Privilege
always:false (good). The skill suggests scheduling recurring reviews with cron_add and spawning subagents via sessions_spawn, which grants it the ability to cause recurring or background activity if invoked or if the agent calls it autonomously. Autonomous invocation is the platform default; combined with publishing capability this increases blast radius. The skill does not request to change other skills' configs or system-wide settings.
What to consider before installing
This skill appears to do what it says (collect learnings, extract skills, sync across sessions), but it carries data-exposure and automation risks you should consider before installing:
- It writes into ~/.openclaw/workspace and will read those files and your session histories. Inspect those files for any sensitive content you wouldn't want stored or published.
- The extractor can call `clawhub publish` (network publish). If run, that could push learned content — potentially containing secrets — to ClawHub. Verify how ClawHub publishing is authenticated and require explicit consent before publishing; do not assume this is safe for confidential data.
- The SKILL.md instructs spawning subagents and scheduling cron jobs. If the agent invokes this autonomously, it could run background tasks. Limit the agent's ability to run the skill autonomously or review scheduled jobs/cron entries the skill creates.
- The skill does not declare required credentials but expects platform APIs/CLI (sessions_* functions, clawhub). Confirm what credentials/platform permissions are used and avoid supplying broad tokens unless you trust the code.
Recommendations before enabling:
- Review the three bundled scripts line-by-line and run them in a sandbox or VM first.
- Disable automatic publishing (do not run extract.sh --publish) until you confirm outputs are safe.
- Audit existing .learnings and session history for secrets; consider redaction policies before use.
- Require manual approval for any publish/auto-extract actions and restrict agent autonomy for this skill.
Given these ambiguities and the potential for unintended data exfiltration or background actions, treat this skill as suspicious until you validate the publish/auth flows and restrict its autonomy.
