Path Evolver

Pass. Audited by ClawScan on Apr 15, 2026.

Overview

The skill's declared behavior (local JSON cache + searching ClawHub/GitHub for alternative skills) aligns with its requirements and has no disproportionate privileges, but its network/sanitization guarantees are asserted in prose only and rely on the agent following them at runtime.

This skill appears coherent and lightweight, but because it is instruction-only, the promised safeguards ("only send task TYPE", "do not send user inputs") are policy statements, not enforced code. Before installing:

1) Audit or monitor the created cache file (~/.openclaw/workspace/.path-evolver/workflow-cache.json) to confirm what is stored.
2) Verify or configure the agent to strictly sanitize queries (send only task categories) before any network request.
3) Be aware that GitHub API usage can require tokens/rate-limit handling; ensure no secrets are supplied unless you intend it.
4) Limit network egress (or inspect traffic) if you operate in a sensitive environment.

If you need stronger guarantees, prefer a version that includes enforceable client-side code for sanitization or that runs entirely offline.