功能描述

A meta-skill that continuously improves other skills through trace+feedback-driven evolution, with the goal of making skill training, status checking, and ap...

使用说明 (SKILL.md)

Auto Skill Evolver

Name: Auto Skill Evolver
Author: ysshi-fpga

This skill allows your AI agent to autonomously improve its own skills. It uses an iterative "training" process where the agent practices a task, evaluates the result, and rewrites the skill definition to perform better next time.

⚠️ Security Notice: This skill modifies code/config files on your local machine. It runs the local openclaw CLI and executes arbitrary commands defined by you. Use with caution and review changes before applying them.

Prerequisites

Python 3.8+ installed.
OpenClaw CLI installed and configured (openclaw command available in PATH, external dependency and not bundled by this skill package).
No external API key required (uses your local OpenClaw agent configuration).
Strongly recommended to run with human review (--interactive) unless you are in a trusted CI pipeline.

Usage

1. Self-Training Mode (The "Gym")

Use this mode when you want the agent to practice a specific task repeatedly to perfect a skill.

Command:

python skills/auto-skill-evolver/scripts/train_loop.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --command "[\"your-agent-command\", \"--task\", \"do the thing\"]" \
  --iterations 10 \
  --interval 300 \
  --trace-file "logs/execution.log" \
  --interactive-each-iteration

Parameters:

--skill-path: The path to the skill file you want to improve.
--command: The command to run the agent task.
- Recommended: pass a JSON array string (e.g., ["bin","--arg","value"]) for exact argv control.
- Security hardening: shell operators like &&, |, ;, redirection are rejected to prevent injection.
--iterations: How many times to practice (default: 10).
--interval: Seconds to wait between iterations (e.g., 1800 for 30 mins).
--trace-file: The file where your agent writes its execution logs.
--interactive-each-iteration: If enabled, each iteration requires yes or hash approval before apply.

2. In-Process Evolution (Hook Mode)

Use this mode to improve skills during normal usage.

Option A: Command Line Hook

# Step 1: Generate proposal and show full diff in current session
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --task-desc "User's request" \
  --trace-file "logs/session.log" \
  --feedback-file "logs/user_feedback.txt" \
  --allowed-sections "Usage,How It Works,Security" \
  --interactive

# Step 2: Apply existing proposal later (mobile/remote friendly)
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --apply-proposal \
  --approval-token yes

# Step 2 (token file mode): avoid exposing token in command args
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --apply-proposal \
  --approval-token-file "runtime/approval_token.txt" \
  --approval-expire-seconds 1800

# Step 3 (session-first): query current proposal status for mobile chat UI
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --status \
  --output-mode json

# Step 4 (single-action mobile flow): one action param only
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --chat-action approve

Option B: Python Integration (Wrapper)

from skills.auto_skill_evolver.scripts.hook_wrapper import trigger_evolution

# After task completion
report = trigger_evolution(
    skill_path="skills/target-skill/SKILL.md",
    task_desc="Analyze financial data",
    trace_file="logs/trace_123.log",
    feedback_file="logs/feedback_123.txt",
    interactive=True  # Ask for yes/hash approval before applying
)
print(report)

3. Version Control & Rollback

Every time the skill is updated, a backup is saved in .skill_versions/ inside the skill's directory.

Restore a previous version:

from skills.auto_skill_evolver.scripts.version_control import restore_version, list_versions

# List available versions
versions = list_versions("skills/target-skill/SKILL.md")
for v in versions:
    print(v['filename'], v['meta'])

# Restore
restore_version("skills/target-skill/SKILL.md", versions[1]['path'])

How It Works

Execute: The agent runs the task using the current skill.
Evaluate: The execution trace and user feedback are captured.
Optimize: A local OpenClaw sub-agent is spawned to analyze the trace and optimize the skill file.
Rewrite: The sub-agent writes updates using atomic replace to avoid partial writes/corruption.
Report: A changelog is generated (Added/Removed/Impact).
Proposal-First: Proposal artifacts are stored as .proposed and .proposed.meta.json.
Approval: Full unified diff is printed in the same session; apply accepts yes or exact proposal hash.
Deferred Apply: Existing proposal can be applied later with --apply-proposal, no re-optimization needed.
Expiry Guard: Use --approval-expire-seconds to reject stale proposals.
Session Integration: Use --status and --output-mode json to expose proposal state and next actions to chat/mobile UI.
Single-Action Chat Mode: --chat-action propose|status|approve reduces client decision complexity.

Security

This skill includes built-in defenses against Prompt Injection attacks from execution logs and local file tampering:

Prompt Isolation: The optimizer is explicitly instructed to treat logs as untrusted data and ignore any instructions found within them.
Multi-layer Security Scans: Before apply, generated content goes through multiple scanners:
- Diff-aware high-risk behavior detection (new dangerous commands compared with original version)
- Absolute high-risk blocklist scan (e.g., curl, rm -rf, chmod 777, disk destructive patterns)
- Prompt-injection marker scan (e.g., instruction-override phrases, role-escalation terms)
Permission Validation: Target skill/trace/feedback paths are validated (regular file only, no symlink redirection, required read/write access).
Atomic Writes: Skill proposals, applied updates, and update reports are written atomically (tempfile + os.replace) to prevent partial writes and race-condition corruption.
Local Execution: All optimization happens locally via your configured OpenClaw agent, ensuring no data leaves your controlled environment.
Secure Workspace: Optimization artifacts (traces, logs) are processed in a secured directory (.secure_workspace) with restricted permissions (current user only) to prevent tampering during the update process.
Section Whitelist Rewrite: By default only selected H2 sections are replaceable (Usage, How It Works, Security). Frontmatter and non-whitelisted sections remain unchanged.
Approval Gate: Every proposal has SHA256 fingerprint. Apply accepts yes or exact hash entry, and full diff is always visible in-session.
Token File Approval: --approval-token-file supports file-based approval for mobile/server control without exposing token in process args.
Proposal Expiry: --approval-expire-seconds enforces max age to block stale proposal apply.
Structured Session Output: --output-mode json emits machine-readable proposal/approval events for conversation-driven clients.
Risk Card Field: JSON events include risk_level (low|medium|high) for red/yellow/green mobile cards.
Writable Scope Guard: --allowed-skill-roots limits writable target ranges to approved root paths.
Self-Target Guard: self-modification is blocked by default; use --allow-self-target only in controlled maintenance.
Strict Compatibility Guard: Legacy high-risk flags are rejected with migration guidance.

Mobile Chat Quickstart

Use the same script with one action:

# Start training proposal
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action propose --task-desc "..." --trace-file "..." --feedback-file "..."

# Check proposal in 3-line text mode (small screen)
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action status --output-mode text

# Approve proposal (requires explicit yes/hash token or interactive input)
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action approve

Natural language mode (no need to remember action flags):

# Chinese: start training
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "训练 auto-skill-evolver"

# English: start training
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "train auto-skill-evolver"

# Chinese: check status
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "查看 auto-skill-evolver 状态" --output-mode text

# English: approve
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "approve auto-skill-evolver"

Conversation Triggers

The router can infer action + skill from natural phrases:

Chinese training intents: 训练 xxx 优化 xxx 让 xxx 技能迭代 让 xxx 技能进化
Chinese status intents: 查看 xxx 训练状态 查询 xxx 状态
Chinese approve intents: 批准 xxx 应用 xxx 提案 确认通过 xxx
English training intents: train xxx optimize xxx evolve xxx
English status intents: status xxx check xxx progress
English approve intents: approve xxx apply xxx proposal

If user says 这个技能 / 当前技能 / this skill, it maps to auto-skill-evolver.

Strict Release Profile

This release is hardened for marketplace safety review:

No autonomous apply path.
No whitelist-bypass flag.
Proposal-first workflow is mandatory (.proposed + .proposed.meta.json).
Apply requires explicit approval token (yes or proposal hash), including token-file and deferred apply mode.
Write scope is constrained by allowed roots and self-target is disabled by default.
Recommended to run in isolated development environments.

Legacy high-risk flags are intentionally rejected:

--auto-apply
--disable-section-whitelist

Security Tests

Run local checks before publishing:

python -m py_compile skills/auto-skill-evolver/scripts/optimize_skill.py
python skills/auto-skill-evolver/scripts/optimize_skill.py --help

Expected outcome:

Commands exit with code 0.
Legacy high-risk flags are rejected.
Whitelist/frontmatter protection works.
Hash checks remain stable.

Directory Structure

skills/auto-skill-evolver/
├── SKILL.md              # This file
├── prompts/
│   └── optimizer.md      # The meta-prompt for the Optimizer LLM
└── scripts/
    ├── optimize_skill.py # Core optimization logic
    ├── train_loop.py     # Self-training loop
    └── version_control.py# Backup and restore utilities

安全使用建议

This package is coherent with its goal (it reads execution traces, runs a local optimizer, and rewrites SKILL.md files). Important cautions before you install/use it: - Review optimize_skill.py (the truncated portion) to confirm how it invokes the OpenClaw sub-agent or any LLM/network calls — ensure no unexpected remote endpoints or credentials are used. - Run it with interactive approval (--interactive or --interactive-each-iteration) until you trust it; an approval token file containing the literal 'yes' will allow apply without further manual review. - The package modifies files on disk; ensure the skill files you pass are the intended targets and not symlinks. The code enforces symlink rejection and permission checks, but using it with privileged or system paths is unsafe. - Keep backups and/or run first in an isolated environment (container or a Git branch) so accidental or incorrect rewrites can be reverted. The tool creates .skill_versions backups, but you should have an additional source control snapshot. - The scripts execute subprocesses (user-supplied command and CLI calls). They attempt to block shell operators and some high-risk patterns (e.g., rm -rf, mkfs, curl/wget detection), but this is not a substitute for operational caution — only run commands you control. If you want higher assurance, provide the full (untruncated) optimize_skill.py and check for any network calls, credential reads, or subprocess invocations that reach external services; this would raise or lower confidence in the assessment.

功能分析

Type: OpenClaw Skill Name: auto-skill-evolver Version: 1.5.1 The auto-skill-evolver is a meta-skill designed to iteratively improve other OpenClaw skills. While it possesses the high-risk capability of modifying local code files, it implements extensive security controls to mitigate abuse, including SHA256-based proposal approval tokens, mandatory human-in-the-loop workflows, and a multi-layered security scanner (in security_utils.py) that detects high-risk commands and prompt injection markers. The scripts (optimize_skill.py and train_loop.py) use safe subprocess execution with shell=False and strict argument sanitization to prevent command injection, and the skill enforces a section whitelist to protect critical metadata and frontmatter from unauthorized modification.

能力评估

✓ Purpose & Capability

The name/description (auto-improving skills) matches what the package does: it reads traces, runs optimization, and rewrites SKILL.md files. The declared runtime dependency on openclaw-cli is consistent with spawning a local sub-agent. It does not request unrelated credentials or external services in its metadata.

ℹ Instruction Scope

The SKILL.md and scripts explicitly instruct the agent to read execution traces, create backups, and rewrite target SKILL.md files. This is expected for its purpose, but notable: it executes local commands (via subprocess) and spawns a local optimizer that will generate text used to overwrite skill files. The code attempts to enforce safety (reject symlinks, check permissions, frontmatter protection, section whitelist, scan for high-risk patterns, atomic writes), but the optimization process still writes to disk and may call the configured openclaw-cli or other subprocesses depending on the truncated parts of optimize_skill.py. Review the optimizer's actual LLM/subprocess invocation to confirm no network exfiltration or unexpected endpoints are used.

✓ Install Mechanism

No install spec (instruction-only / script bundle). Nothing is downloaded from external URLs during install. Files are included in the package, and there are no external installers or archive downloads in the manifest.

✓ Credentials

The skill declares no required environment variables or credentials. It operates on local files and uses the local openclaw CLI; this is proportionate to the stated purpose. No unrelated secrets are requested.

ℹ Persistence & Privilege

always:false (no forced global presence). The skill writes backups and a secure workspace under the skill's directory ('.skill_versions', '.secure_workspace') and requires write permission to the target SKILL.md, which is expected. Autonomous invocation is allowed by platform defaults; consider enabling interactive approval for applying proposals if you want human-in-the-loop control.

版本历史

v1.5.1

- Added explicit runtime dependency metadata for openclaw-cli. - Clarified in prerequisites that OpenClaw CLI is an external dependency and not bundled with this skill. - No functional changes; this update documents runtime requirements more precisely.

v1.5.0

**Summary:** v1.5.0 introduces conversational and mobile-friendly auto-proposing, status checking, and approval of skill updates, with enhanced multi-language intent recognition and approval workflows. - Adds natural language intent recognition (Chinese/English) for common commands like skill training, evolution, status checking, and approval. - New chat-optimized workflows: skills can now propose, check status, and approve updates via single-action or multi-step chat flows. - Supports deferring proposal application (safe auto-propose, later approval), with token or file-based approval and expiry guard for added security. - Exposes status and actions in machine-readable (JSON) format, improving integration with chat/mobile UIs. - Removes any implied autonomous apply: every update now requires explicit, secure approval for safety. - Version upgraded to 1.5.0.

v1.4.1

auto-skill-evolver 1.4.1 is a security and UX-hardening release. - Approval workflow now explicitly accepts either "yes" or the exact proposal hash, with the full unified diff always shown before apply. - Updated documentation to clarify that both "yes" and hash are accepted as approval tokens in interactive and hook modes. - Security section and usage examples more clearly highlight the in-session diff and approval flow for transparency. - No code changes—documentation update only.

v1.4.0

**Big change: This release applies a strict security and safety profile, removing autonomous apply functionality.** - Removed all autonomous and non-interactive auto-apply paths; changes must be approved interactively with hash validation. - Introduced the `--interactive-each-iteration` flag for training mode, requiring hash approval every iteration. - Added strict rejection of legacy high-risk flags (`--auto-apply`, `--disable-section-whitelist`) with migration guidance. - Strengthened prompt-injection and high-risk operation scanning, and clarified section whitelist protections. - Documented a hardened proposal-first workflow, ensuring updates are proposed and approved before being applied. - Recommended use in isolated development environments and provided clear security and testing instructions.

v1.3.0

auto-skill-evolver v1.3.0 adds major security hardening and safer auto-update controls. - Strengthened security: strict file permission validation, absolute/relative path rejection, and multiple scanners block prompt injection, destructive commands, and malicious content. - Atomic writes are now enforced to prevent race conditions and file corruption during skill updates. - Auto-apply is only allowed if an explicit SHA256 approval hash is provided—protects against unauthorized/self-modifying attacks. - By default, only selected SKILL.md sections can be rewritten; frontmatter and other content remain unchanged unless whitelisted. - Command execution in training is now argv-array only; shell operators and redirection are rejected. - Human review and hash confirmation are the default/safest path for all self-evolution flows.

v1.1.1

- Added explicit security warning about the risks of code and config modification, highlighting the dangers of automatic overwriting. - Introduced and documented new `--auto-apply` (for train_loop.py) and `--interactive` (for optimize_skill.py) flags to improve control over automatic skill updates. - Clarified usage of `auto_apply` parameter in Python integration, emphasizing safe mode default. - Updated metadata to specify `openclaw` binary installation requirement. - Improved instructions for safe usage, highlighting review steps when using auto-apply features.

v1.1.0

- Added security utilities (`scripts/security_utils.py`) to enhance protection against prompt injection and unsafe skill modifications. - Updated prerequisites to require OpenClaw CLI; now operates entirely with your local OpenClaw agent and no external API keys. - Improved security: Introduced prompt isolation, safety validation for generated skills, local-only optimization, and secured workspace handling. - Updated "How It Works" to clarify local optimization via a spawned OpenClaw sub-agent. - Documentation updates in SKILL.md reflecting new security mechanisms and streamlined local execution.

v1.0.0

Auto-skill-evolver v1.0.0 – Initial Release - Introduces a meta-skill for autonomous skill improvement via iterative practice and feedback (Natural Language Gradient Descent). - Supports both self-training mode ("Gym") and in-process evolution (hook mode) for skill optimization. - Automates evaluation and rewriting of skill definitions based on execution traces and user feedback. - Includes robust version control for skill updates with easy rollback and backup features. - Provides clear usage instructions for command line and Python integration.

元数据

Slug auto-skill-evolver

版本 1.5.1

许可证 MIT-0

累计安装 4

当前安装数 4

历史版本数 8

常见问题