Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rotifer Self Evolving Agent

v2.2.1

Your Agent evolves itself — scans capabilities, benchmarks against Arena rankings, and upgrades automatically

by Xiaoba (@xiaoba-dev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the requested capabilities: scanning local agent configuration, querying Arena rankings, and proposing upgrades. Reading ~/.rotifer and contacting rotifer.dev are consistent with the described purpose. However, the skill delegates core behavior to an npm package fetched at runtime, so the true capabilities depend on that remote code.
Instruction Scope
SKILL.md limits actions to listing local agents/genes, comparing against Arena data, and only writing under ~/.rotifer with user confirmation. It explicitly calls out network:outbound and running `npx @rotifer/mcp-server`. The instructions are high-level and delegate the real work to the MCP server package — the runtime behavior is therefore opaque unless you inspect that package.
Install Mechanism
No static install; the skill runs `npx @rotifer/mcp-server@0.8.1` at runtime which downloads and executes code from npm on first use. An npm package is a moderate-risk install mechanism: it is standard but executes remote code. The SKILL.md mentions verifying dist.integrity, which helps, but the runtime fetch remains a notable risk.
Credentials
No env vars or credentials are declared, and the skill claims to use only a Supabase anon key. However, it reads ~/.rotifer/ (local agent configuration) — that directory could contain other skills' configuration, API keys, or tokens. Although the SKILL.md asserts local data won't be transmitted, that guarantee depends on the fetched MCP server code being honest; reading local config is proportional for the feature but raises confidentiality risks.
Persistence & Privilege
always is false and there is no install spec writing system-wide files. The skill asserts writes are limited to ~/.rotifer/ and require explicit user confirmation. Autonomous invocation (model calls) is allowed by default; that alone is not flagged, but combined with runtime npm execution it increases blast radius if the fetched package is malicious.
What to consider before installing
This skill is coherent with its stated purpose but relies on running remote code (npx @rotifer/mcp-server) and reading your local agent configuration (~/.rotifer/). Before installing or running it:
1) review the referenced package source on GitHub and verify the npm dist.integrity value;
2) back up and inspect ~/.rotifer for secrets or tokens that could be exposed;
3) run the skill first in an isolated environment (or container) to observe network traffic and file writes;
4) prefer installing only if you trust the Rotifer project or are comfortable auditing the MCP server code yourself.
If you cannot verify the remote package, treat the runtime npm fetch as an unacceptable risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk975s4dpzj3e4stwzxnbr40kqs84ckj3
