功能描述

A meta-skill that continuously improves other skills through trace+feedback-driven evolution, with the goal of making skill training, status checking, and ap...

使用说明 (SKILL.md)

Auto Skill Evolver

Name: Auto Skill Evolver 1.5.1
Author: zhangyingzhuangk

This skill allows your AI agent to autonomously improve its own skills. It uses an iterative "training" process where the agent practices a task, evaluates the result, and rewrites the skill definition to perform better next time.

⚠️ Security Notice: This skill modifies code/config files on your local machine. It runs the local openclaw CLI and executes arbitrary commands defined by you. Use with caution and review changes before applying them.

Prerequisites

Python 3.8+ installed.
OpenClaw CLI installed and configured (openclaw command available in PATH, external dependency and not bundled by this skill package).
No external API key required (uses your local OpenClaw agent configuration).
Strongly recommended to run with human review (--interactive) unless you are in a trusted CI pipeline.

Usage

1. Self-Training Mode (The "Gym")

Use this mode when you want the agent to practice a specific task repeatedly to perfect a skill.

Command:

python skills/auto-skill-evolver/scripts/train_loop.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --command "[\"your-agent-command\", \"--task\", \"do the thing\"]" \
  --iterations 10 \
  --interval 300 \
  --trace-file "logs/execution.log" \
  --interactive-each-iteration

Parameters:

--skill-path: The path to the skill file you want to improve.
--command: The command to run the agent task.
- Recommended: pass a JSON array string (e.g., ["bin","--arg","value"]) for exact argv control.
- Security hardening: shell operators like &&, |, ;, redirection are rejected to prevent injection.
--iterations: How many times to practice (default: 10).
--interval: Seconds to wait between iterations (e.g., 1800 for 30 mins).
--trace-file: The file where your agent writes its execution logs.
--interactive-each-iteration: If enabled, each iteration requires yes or hash approval before apply.

2. In-Process Evolution (Hook Mode)

Use this mode to improve skills during normal usage.

Option A: Command Line Hook

# Step 1: Generate proposal and show full diff in current session
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --task-desc "User's request" \
  --trace-file "logs/session.log" \
  --feedback-file "logs/user_feedback.txt" \
  --allowed-sections "Usage,How It Works,Security" \
  --interactive

# Step 2: Apply existing proposal later (mobile/remote friendly)
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --apply-proposal \
  --approval-token yes

# Step 2 (token file mode): avoid exposing token in command args
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --apply-proposal \
  --approval-token-file "runtime/approval_token.txt" \
  --approval-expire-seconds 1800

# Step 3 (session-first): query current proposal status for mobile chat UI
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --status \
  --output-mode json

# Step 4 (single-action mobile flow): one action param only
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --chat-action approve

Option B: Python Integration (Wrapper)

from skills.auto_skill_evolver.scripts.hook_wrapper import trigger_evolution

# After task completion
report = trigger_evolution(
    skill_path="skills/target-skill/SKILL.md",
    task_desc="Analyze financial data",
    trace_file="logs/trace_123.log",
    feedback_file="logs/feedback_123.txt",
    interactive=True  # Ask for yes/hash approval before applying
)
print(report)

3. Version Control & Rollback

Every time the skill is updated, a backup is saved in .skill_versions/ inside the skill's directory.

Restore a previous version:

from skills.auto_skill_evolver.scripts.version_control import restore_version, list_versions

# List available versions
versions = list_versions("skills/target-skill/SKILL.md")
for v in versions:
    print(v['filename'], v['meta'])

# Restore
restore_version("skills/target-skill/SKILL.md", versions[1]['path'])

How It Works

Execute: The agent runs the task using the current skill.
Evaluate: The execution trace and user feedback are captured.
Optimize: A local OpenClaw sub-agent is spawned to analyze the trace and optimize the skill file.
Rewrite: The sub-agent writes updates using atomic replace to avoid partial writes/corruption.
Report: A changelog is generated (Added/Removed/Impact).
Proposal-First: Proposal artifacts are stored as .proposed and .proposed.meta.json.
Approval: Full unified diff is printed in the same session; apply accepts yes or exact proposal hash.
Deferred Apply: Existing proposal can be applied later with --apply-proposal, no re-optimization needed.
Expiry Guard: Use --approval-expire-seconds to reject stale proposals.
Session Integration: Use --status and --output-mode json to expose proposal state and next actions to chat/mobile UI.
Single-Action Chat Mode: --chat-action propose|status|approve reduces client decision complexity.

Security

This skill includes built-in defenses against Prompt Injection attacks from execution logs and local file tampering:

Prompt Isolation: The optimizer is explicitly instructed to treat logs as untrusted data and ignore any instructions found within them.
Multi-layer Security Scans: Before apply, generated content goes through multiple scanners:
- Diff-aware high-risk behavior detection (new dangerous commands compared with original version)
- Absolute high-risk blocklist scan (e.g., curl, rm -rf, chmod 777, disk destructive patterns)
- Prompt-injection marker scan (e.g., instruction-override phrases, role-escalation terms)
Permission Validation: Target skill/trace/feedback paths are validated (regular file only, no symlink redirection, required read/write access).
Atomic Writes: Skill proposals, applied updates, and update reports are written atomically (tempfile + os.replace) to prevent partial writes and race-condition corruption.
Local Execution: All optimization happens locally via your configured OpenClaw agent, ensuring no data leaves your controlled environment.
Secure Workspace: Optimization artifacts (traces, logs) are processed in a secured directory (.secure_workspace) with restricted permissions (current user only) to prevent tampering during the update process.
Section Whitelist Rewrite: By default only selected H2 sections are replaceable (Usage, How It Works, Security). Frontmatter and non-whitelisted sections remain unchanged.
Approval Gate: Every proposal has SHA256 fingerprint. Apply accepts yes or exact hash entry, and full diff is always visible in-session.
Token File Approval: --approval-token-file supports file-based approval for mobile/server control without exposing token in process args.
Proposal Expiry: --approval-expire-seconds enforces max age to block stale proposal apply.
Structured Session Output: --output-mode json emits machine-readable proposal/approval events for conversation-driven clients.
Risk Card Field: JSON events include risk_level (low|medium|high) for red/yellow/green mobile cards.
Writable Scope Guard: --allowed-skill-roots limits writable target ranges to approved root paths.
Self-Target Guard: self-modification is blocked by default; use --allow-self-target only in controlled maintenance.
Strict Compatibility Guard: Legacy high-risk flags are rejected with migration guidance.

Mobile Chat Quickstart

Use the same script with one action:

# Start training proposal
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action propose --task-desc "..." --trace-file "..." --feedback-file "..."

# Check proposal in 3-line text mode (small screen)
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action status --output-mode text

# Approve proposal (requires explicit yes/hash token or interactive input)
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action approve

Natural language mode (no need to remember action flags):

# Chinese: start training
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "训练 auto-skill-evolver"

# English: start training
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "train auto-skill-evolver"

# Chinese: check status
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "查看 auto-skill-evolver 状态" --output-mode text

# English: approve
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "approve auto-skill-evolver"

Conversation Triggers

The router can infer action + skill from natural phrases:

Chinese training intents: 训练 xxx 优化 xxx 让 xxx 技能迭代 让 xxx 技能进化
Chinese status intents: 查看 xxx 训练状态 查询 xxx 状态
Chinese approve intents: 批准 xxx 应用 xxx 提案 确认通过 xxx
English training intents: train xxx optimize xxx evolve xxx
English status intents: status xxx check xxx progress
English approve intents: approve xxx apply xxx proposal

If user says 这个技能 / 当前技能 / this skill, it maps to auto-skill-evolver.

Strict Release Profile

This release is hardened for marketplace safety review:

No autonomous apply path.
No whitelist-bypass flag.
Proposal-first workflow is mandatory (.proposed + .proposed.meta.json).
Apply requires explicit approval token (yes or proposal hash), including token-file and deferred apply mode.
Write scope is constrained by allowed roots and self-target is disabled by default.
Recommended to run in isolated development environments.

Legacy high-risk flags are intentionally rejected:

--auto-apply
--disable-section-whitelist

Security Tests

Run local checks before publishing:

python -m py_compile skills/auto-skill-evolver/scripts/optimize_skill.py
python skills/auto-skill-evolver/scripts/optimize_skill.py --help

Expected outcome:

Commands exit with code 0.
Legacy high-risk flags are rejected.
Whitelist/frontmatter protection works.
Hash checks remain stable.

Directory Structure

skills/auto-skill-evolver/
├── SKILL.md              # This file
├── prompts/
│   └── optimizer.md      # The meta-prompt for the Optimizer LLM
└── scripts/
    ├── optimize_skill.py # Core optimization logic
    ├── train_loop.py     # Self-training loop
    └── version_control.py# Backup and restore utilities

安全使用建议

This tool is powerful and mostly coherent with its stated purpose, but take these precautions before using it: 1) Prefer running in interactive mode so each proposed change must be approved; never run with unattended approval tokens unless you fully trust the environment. 2) Verify the OpenClaw CLI dependency is installed and declared (SKILL.md mentions it but registry metadata didn't list required binaries). 3) Inspect the included scripts (especially optimize_skill.py and any code that invokes openclaw or launches subprocesses) and run them in a sandbox or throwaway environment first. 4) Note the ownerId mismatch in _meta.json vs registry metadata — confirm the package source. 5) Back up skill directories (or use the provided .skill_versions) before applying proposals. 6) If you want lower risk, run the optimizer on a copy of the skill directory, enable all safety checks, and keep interactive review on so a human must accept any diff that introduces network calls or system-level commands.

功能分析

Type: OpenClaw Skill Name: auto-skill-evolver-1-5-1 Version: 1.0.0 The 'auto-skill-evolver' is a meta-skill designed to autonomously improve other AI skills through a feedback-driven optimization loop. While the skill performs high-risk actions such as executing shell commands and modifying local code files, these behaviors are central to its stated purpose and are governed by extensive security guardrails. Key safety features implemented in 'security_utils.py' and 'optimize_skill.py' include mandatory human-in-the-loop approval via SHA256 hashes, strict path validation (rejecting symlinks and insecure permissions), atomic file writes, and multi-layered security scans that block high-risk command patterns (e.g., 'rm -rf', 'curl') and prompt injection attempts. The code demonstrates high security maturity, including platform-specific permission hardening (chmod/icacls) for its workspace.

能力评估

⚠ Purpose & Capability

The skill claims to use the local OpenClaw CLI and to evolve other skills (which legitimately requires read/write access to SKILL.md files and running subprocesses). However, the registry metadata shows no required binaries while SKILL.md frontmatter and README explicitly require 'openclaw' in PATH — an inconsistency. Additionally _meta.json ownerId differs from the registry ownerId, which could indicate repackaging or metadata drift.

⚠ Instruction Scope

Runtime instructions and code allow the tool to read execution traces, spawn a local sub-agent, build proposals, and atomically rewrite SKILL.md files across the skills root. This is functionally consistent but high-impact: it can modify arbitrary skills under the skills root and run user-supplied agent commands. The package includes explicit warnings and several defensive checks (permission checks, frontmatter protection, approval tokens), but if run non-interactively or with an approval token the agent could apply changes without human review.

ℹ Install Mechanism

There is no install spec (instruction-only), which reduces supply-chain risk from remote installers. But the package contains multiple Python scripts delivered as part of the skill bundle; those will be written to disk when the skill is installed/used. No external download URLs or package installs are present.

✓ Credentials

The skill declares no required environment variables or credentials (primary credential: none). The code reads environment variables only for harmless purposes (e.g., USERNAME on Windows for file permission commands). There are no hardcoded external API keys or remote endpoint secrets requested.

ℹ Persistence & Privilege

The skill does not set always:true and uses normal, local file operations (.skill_versions, .secure_workspace). It writes backups and proposals in the target skill's directory and creates secure workspace directories; that behavior is expected for a self-modifying tool but grants persistent filesystem presence and the ability to alter other skill files under the skills root.

版本历史

v1.0.0

auto-skill-evolver 1.5.1 – Continuous skill evolution powered by trace and feedback. - Enables self-training and in-process evolution for any skill via CLI or Python wrapper. - Recognizes/handles Chinese and English intents for training, evolving, status checking, and approving proposals. - Safely applies optimizations with interactive approval, secure token flow, and automatic versioning/rollback. - Strong security: prompt isolation, multi-layer scans, atomic writes, and strict file permission checks. - Optimized for mobile chat integration with actionable status, proposal, and approval flows.

元数据

Slug auto-skill-evolver-1-5-1

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题