Auto Skill Evolver
v1.5.1
A meta-skill that continuously improves other skills through trace+feedback-driven evolution, with the goal of making skill training, status checking, and ap...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign (medium confidence)

Purpose & Capability
The name/description (auto-improving skills) matches what the package does: it reads traces, runs optimization, and rewrites SKILL.md files. The declared runtime dependency on openclaw-cli is consistent with spawning a local sub-agent. It does not request unrelated credentials or external services in its metadata.
Instruction Scope
The SKILL.md and scripts explicitly instruct the agent to read execution traces, create backups, and rewrite target SKILL.md files. This is expected for its purpose, but notable: it executes local commands (via subprocess) and spawns a local optimizer that will generate text used to overwrite skill files. The code attempts to enforce safety (reject symlinks, check permissions, frontmatter protection, section whitelist, scan for high-risk patterns, atomic writes), but the optimization process still writes to disk and may call the configured openclaw-cli or other subprocesses depending on the truncated parts of optimize_skill.py. Review the optimizer's actual LLM/subprocess invocation to confirm no network exfiltration or unexpected endpoints are used.
Install Mechanism
No install spec (instruction-only / script bundle). Nothing is downloaded from external URLs during install. Files are included in the package, and there are no external installers or archive downloads in the manifest.
Credentials
The skill declares no required environment variables or credentials. It operates on local files and uses the local openclaw CLI; this is proportionate to the stated purpose. No unrelated secrets are requested.
Persistence & Privilege
always:false (no forced global presence). The skill writes backups and a secure workspace under the skill's directory ('.skill_versions', '.secure_workspace') and requires write permission to the target SKILL.md, which is expected. Autonomous invocation is allowed by platform defaults; consider enabling interactive approval for applying proposals if you want human-in-the-loop control.
Assessment
This package is coherent with its goal (it reads execution traces, runs a local optimizer, and rewrites SKILL.md files). Important cautions before you install/use it:
- Review optimize_skill.py (the truncated portion) to confirm how it invokes the OpenClaw sub-agent or any LLM/network calls — ensure no unexpected remote endpoints or credentials are used.
- Run it with interactive approval (--interactive or --interactive-each-iteration) until you trust it; note that an approval token file containing the literal 'yes' lets the apply step proceed without any further manual review.
- The package modifies files on disk; ensure the skill files you pass are the intended targets and not symlinks. The code enforces symlink rejection and permission checks, but using it with privileged or system paths is unsafe.
- Keep backups and/or run first in an isolated environment (container or a Git branch) so accidental or incorrect rewrites can be reverted. The tool creates .skill_versions backups, but you should have an additional source control snapshot.
- The scripts execute subprocesses (user-supplied command and CLI calls). They attempt to block shell operators and some high-risk patterns (e.g., rm -rf, mkfs, curl/wget detection), but this is not a substitute for operational caution — only run commands you control.
If you want higher assurance, provide the full (untruncated) optimize_skill.py and check for any network calls, credential reads, or subprocess invocations that reach external services; this would raise or lower confidence in the assessment.

Like a lobster shell, security has layers — review code before you run it.
