📦 Self Evolve — 自主进化
v1.0.2赋予智能体全权自我修改配置、技能、提示、AGENTS.md、SOUL.md 及记忆文件,实现持续自主进化。
0· 200·0 当前·0 累计
by 下载技能包
最后更新
2026/3/24
安全扫描
OpenClaw
可疑
medium confidenceThe skill's stated purpose (let the agent autonomously modify its own config and skills) matches its instructions and helper scripts, but there are important inconsistencies and high-risk capabilities (modify system config, create/publish skills, run curl/bash, autonomous edits without confirmation) that make this risky to install without strict safeguards.
评估建议
This skill is coherent with its stated goal of self-modification, but it grants very broad powers (edit any workspace file, change system config, run shell/network commands, create and publish skills) and includes contradictory guidance about what must be confirmed. Before installing: 1) Do not install on production or an environment with access to secrets; run in an isolated sandbox. 2) Require explicit, auditable user confirmations for any change to core/system files or for publishing to exter...详细分析 ▾
ℹ 用途与能力
The name/description (self-evolution, modify own config/skills/prompts/memory) align with the SKILL.md and included scripts (backup and rollback) — those artifacts exist and support the claimed purpose. However, there is an inconsistency: SKILL.md explicitly allows editing system configuration (e.g., ~/.openclaw/openclaw.json) while SAFETY-PROTOCOL.md later forbids modifying gateway core configuration / certain key fields. Also the skill promises ‘WITHOUT asking for confirmation’ but the docs enumerate many cases that require confirmation. That mismatch between 'always modify without asking' and the listed exceptions is an incoherence the user should notice.
⚠ 指令范围
The runtime instructions authorize broad actions beyond simple in-place tuning: editing any workspace file, creating/deleting skills under skills/, running bash commands, using curl to access the network, installing tools/dependencies, and publishing to ClawHub via npx. Those are coherent with a self-evolution goal, but they grant the agent the ability to (a) change other skills and system config, (b) push code externally (which could leak data or publish malicious code), and (c) execute arbitrary shell/network commands. The instructions also reference absolute local paths (C:\Users\Administrator\.openclaw\workspace), implying workspace-wide access. The docs claim backups/rollback mitigate risk, but the operational rules are broad and include several exceptions that rely on the agent’s judgment — this is a large scope for an autonomous agent.
✓ 安装机制
No install spec — instruction-only with two small helper scripts for backup/rollback. That reduces direct install-time risk (no remote downloads or package installs bundled).
ℹ 凭证需求
The skill requests no environment variables or credentials, which superficially limits its access. But its capabilities (run curl, publish with npx, edit ~/.openclaw/openclaw.json, create/publish skills) imply it can interact with external services and system configuration without explicitly declaring required credentials. The absence of declared credentials is surprising given the 'npx clawhub publish' step (which typically requires auth). That mismatch is a proportionality/information gap: either the skill relies on environment-level credentials not declared, or it expects to prompt for/obtain credentials at runtime — both raise operational questions.
⚠ 持久化与权限
The skill does not set always:true, but it explicitly grants the agent authority to modify persistent agent configuration, cron jobs, other skills, and to install/enable new capabilities. Those are high privileges: an autonomous invocation combined with write/publish power gives a large blast radius. While the skill includes backup and rollback helpers, those do not materially limit the agent from changing system behavior, exfiltrating data, or publishing changed skills externally. This level of persistent control over the agent/skill ecosystem is a significant privilege and should be constrained.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/21
- Removed all content from SKILL.md except for a new section detailing paid customization services and contact information. - Documentation no longer includes operational principles, backup and safety protocols, self-evolution processes, or agent behavioral guidelines. - The change represents a shift from technical and procedural documentation to a services-only information page.
● 可疑
安装命令
点击复制官方npx clawhub@latest install self-evolve-automaton
镜像加速npx clawhub@latest install self-evolve-automaton --registry https://cn.longxiaskill.com