技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.38.0
统计:⭐ 62 · 32.8k · 241 current installs · 259 all-time installs
⭐ 62
安装量(当前) 259
🛡 VirusTotal:Pending · OpenClaw :可疑
Package:autogame-17/evolver
安全扫描(ClawHub)
- VirusTotal:Pending
- OpenClaw :可疑
OpenClaw 评估
The skill largely matches its self‑evolution purpose but contains several internal inconsistencies and powers (self‑modification, networked asset ingestion, running validation scripts, writing to workspace/src) that require careful review before use.
目的
Name/description (self‑evolver) aligns with required binaries (node, git) and the included code. However the registry claims an instruction‑only skill while the package contains a full Node.js project (many source files and scripts). That packaging mismatch is unexpected and worth attention.
说明范围
SKILL.md + code permit reading runtime/memory logs and writing to workspace/memory/** and workspace/assets/** and, critically, to workspace/src/** when changes are solidified. README and SKILL.md make contradictory claims ('does NOT automatically edit your source code' vs code paths that will write evolved code under certain flags). The skill also declares network and shell permissions and will run validation commands (node/npm) as part of sol…
安装机制
No external install spec (instruction-only) lowers install risk, but the repository includes a full package.json and many scripts. There is no download-from-URL install risk, but bundling a runnable project inside an 'instruction-only' item is inconsistent and means the agent may execute included code without an explicit install step.
证书
Registry metadata lists only A2A_NODE_ID as required, but SKILL.md exposes many optional credentials (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY) and network endpoints. Some network auth is marked optional in one place and required in another (A2A node secret vs network_endpoints), an internal inconsistency. Optional tokens (GitHub, memory graph, A2A secret) would grant the skill broad remote privileges if set — these are sensitive…
持久
The skill can run as a long‑running daemon (--loop), create heartbeats to an external hub, participate in a worker pool, and (when allowed) solidify changes into workspace/src/**. It does not set always:true, but its ability to persist, checkpoint state (evolution_solidify_state.json), and write source files combined with remote network hooks increases its blast radius if misconfigured or if remote assets are promoted.
index.js:242
Shell command execution detected (child_process).
scripts/build_public.js:170
Shell command execution detected (child_process).
scripts/generate_history.js:17
Shell command execution detected (child_process).
scripts/publish_public.js:13
Shell command execution detected (child_process).
scripts/recover_loop.js:19
Shell command execution detected (child_process).
scripts/suggest_version.js:27
Shell command execution detected (child_process).
scripts/validate-suite.js:19
Shell command execution detected (child_process).
src/evolve.js:485
Shell command execution detected (child_process).
src/gep/deviceId.js:51
Shell command execution detected (child_process).
src/gep/gitOps.js:12
Shell command execution detected (child_process).
src/gep/idleScheduler.js:39
Shell command execution detected (child_process).
src/gep/llmReview.js:70
Shell command execution detected (child_process).
src/ops/health_check.js:20
Shell command execution detected (child_process).
src/ops/lifecycle.js:27
Shell command execution detected (child_process).
src/ops/self_repair.js:17
Shell command execution detected (child_process).
src/ops/skills_monitor.js:96
Shell command execution detected (child_process).
test/bridge.test.js:98
Shell command execution detected (child_process).
test/loopMode.test.js:129
Shell command execution detected (child_process).
index.js:109
Environment variable access combined with network send.
scripts/publish_public.js:248
Environment variable access combined with network send.
src/evolve.js:46
Environment variable access combined with network send.
src/gep/a2aProtocol.js:75
Environment variable access combined with network send.
src/gep/hubReview.js:104
Environment variable access combined with network send.
src/gep/hubSearch.js:73
Environment variable access combined with network send.
src/gep/issueReporter.js:21
Environment variable access combined with network send.
src/gep/memoryGraphAdapter.js:77
Environment variable access combined with network send.
src/gep/skillDistiller.js:9
Environment variable access combined with network send.
src/gep/taskReceiver.js:11
Environment variable access combined with network send.
src/ops/self_repair.js:45
Environment variable access combined with network send.
test/a2aProtocol.test.js:148
Environment variable access combined with network send.
index.js:19
File read combined with network send (possible exfiltration).
scripts/publish_public.js:254
File read combined with network send (possible exfiltration).
src/evolve.js:575
File read combined with network send (possible exfiltration).
src/gep/a2aProtocol.js:41
File read combined with network send (possible exfiltration).
src/gep/hubReview.js:24
File read combined with network send (possible exfiltration).
src/gep/issueReporter.js:42
File read combined with network send (possible exfiltration).
src/gep/questionGenerator.js:20
File read combined with network send (possible exfiltration).
src/gep/skillDistiller.js:26
File read combined with network send (possible exfiltration).
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Evolver」。简介:A self-evolution engine for AI agents. Analyzes runtime history to identify imp…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/autogame-17/evolver/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。