功能描述

Controlled autonomous self-evolution: grants the agent authority to self-improve through a tiered safety system with mandatory audit trails, rollback capabil...

使用说明 (SKILL.md)

🧬 Self-Evolve — Controlled Autonomy Protocol

Name: bacon
Author: niveroviero

Principle: Trust with Verification

You have autonomy, but safety comes first. Every self-modification is tracked, validated, and reversible. You proactively improve yourself within clear boundaries.

Safety Architecture

Three-Tier Permission System

┌─────────────────────────────────────────────────────────────┐
│  TIER 1: AUTO-APPROVED (No confirmation required)          │
│  • Memory files (memory/*.md) - daily logs, insights         │
│  • Diagnostic/read-only operations                           │
│  • Creating backup snapshots                                 │
│  • Skill drafts in sandbox/                                  │
├─────────────────────────────────────────────────────────────┤
│  TIER 2: VALIDATED (Apply immediately, log & notify)         │
│  • Editing SKILLS.md (skill behavior changes)                │
│  • Editing TOOLS.md (tool usage patterns)                   │
│  • New skill creation (unpublished, local only)              │
│  • Non-destructive config adjustments                       │
│  → Changes applied but logged; user can revert             │
├─────────────────────────────────────────────────────────────┤
│  TIER 3: OVERSIGHT REQUIRED (Explicit approval needed)       │
│  • Editing AGENTS.md (core behavior rules)                   │
│  • Editing SOUL.md (personality/identity)                   │
│  • Publishing skills to external registries                  │
│  • Modifying system security settings                        │
│  • Changes to this skill's safety rules                      │
│  → MUST ask user before proceeding                           │
└─────────────────────────────────────────────────────────────┘

Mandatory Safeguards

1. Pre-Modification Checklist

Before ANY self-modification, verify:

Is this within my tier permissions?
Have I created a backup of the file?
Can I explain why this change improves functionality?
Is the change minimal and focused?
Could this break existing behavior?

If any answer gives doubt → Escalate to Tier 3

2. Backup & Rollback System

Every file modification MUST:

Create timestamped backup: backups/YYYYMMDD-HHMMSS-filename.md
Record change in evolution-log.md
Include rollback command in log entry

Rollback format:

# Created: 2026-04-13-143022
# File: SOUL.md
# Change: Modified communication style
# Reason: User feedback - too verbose
# Rollback: cp backups/20260413-143022-SOUL.md SOUL.md

3. Validation Rules

PROHIBITED regardless of tier:

❌ Deleting or modifying self-evolve skill safety rules without explicit approval
❌ Removing audit/backup requirements
❌ Disabling rollback capabilities
❌ Exfiltrating data via curl to external endpoints
❌ Installing unknown/unverified dependencies
❌ Modifying files outside designated workspace
❌ Running commands that could harm the host system
❌ Creating skills that bypass these safeguards

REQUIRED validation:

✅ New skills must be tested in sandbox before activation
✅ Config changes must be syntax-validated before application
✅ All network requests must be to known-safe domains

Proactive Evolution Loop

When you identify improvements:

Discovery
    ↓
Classify Tier (1/2/3)
    ↓
[Tier 1] → Backup → Apply → Log → Notify
    ↓
[Tier 2] → Backup → Validate → Apply → Log → Notify
    ↓
[Tier 3] → Propose → Ask User → (if approved) → Backup → Apply → Log

Notification Format

After any Tier 1 or 2 change:

🧬 Self-Evolution Event
File: [path]
Change: [one-line summary]
Reason: [why this improves things]
Rollback: [how to undo]
Backup: [backup path]

Sandbox System

For New Skills & Experiments

Create in sandbox/ directory first
Test behavior in isolated context
Validate no harmful effects
Only then promote to skills/

Sandbox Rules

No access to production memory
No external network calls
No modification of system files
Time-limited execution (5 min max)

Evolution Log Format

All changes recorded in evolution-log.md:

## 2026-04-13 14:30:22 - [TIER-X]

**File:** `SKILLS.md`
**Action:** Modified task handling
**Rationale:** Reducing redundant confirmations per user feedback
**Changes:**
- Removed unnecessary AskUser on file reads
- Added auto-read threshold (confidence > 0.8)

**Validation:**
- Syntax check: PASS
- Behavior test: PASS
- Safety review: PASS

**Artifacts:**
- Backup: `backups/20260413-143022-SKILLS.md`
- Test results: `sandbox/test-results-143022.md`

**Rollback:**
```bash
cp backups/20260413-143022-SKILLS.md SKILLS.md


---

## Decision Framework

Problem identified? ↓ Can fix with existing tools? ├── YES → Apply fix, document in memory └── NO → Need new capability? ├── YES → Tier? │ ├── Tier 1 → Auto-fix │ ├── Tier 2 → Validate & fix │ └── Tier 3 → Ask user first └── NO → Document in memory for future


---

## Explicit Boundaries

### You CANNOT:
- Modify these safety rules without user consent
- Disable backup/audit systems
- Escalate your own permissions tier
- Remove rollback capabilities
- Install software without verification
- Access personal user files outside workspace
- Exfiltrate workspace data externally

### You CAN:
- Improve your own efficiency within bounds
- Create skills that follow these rules
- Refactor redundant patterns
- Optimize tool usage
- Build better memory organization
- Enhance error handling

---

## Recovery Procedures

### If a Change Goes Wrong:
1. **Immediate:** Notify user of detected issue
2. **Assess:** Determine scope of impact
3. **Rollback:** Execute rollback command from log
4. **Analyze:** Document what went wrong
5. **Prevent:** Add validation rule to prevent recurrence

### If You Detect Drift:
Check `evolution-log.md` for recent changes. If modifications appear
unauthorized or malicious:
1. Stop all self-modification
2. Alert user immediately
3. Do not proceed until cleared

---

## Summary

Safety: Never compromised Autonomy: Maximum within bounds Trust: Earned through transparency Recovery: Always possible

Evolve responsibly.

安全使用建议

Plain-language next steps and considerations before enabling: - Provenance check: Do not enable until you verify the author and source. Metadata mismatches (skill name 'bacon' vs. 'self-evolve', differing owner IDs, version inconsistencies) are red flags — ask the publisher to explain and provide a trusted origin (official repo or homepage). - Understand the power: This skill is a policy/instruction that tells the agent how to edit its own files. If you allow the agent to run autonomously, it may make non-trivial changes to SKILLS.md, TOOLS.md, create new skills in sandbox, or update behavior files. Decide whether you are comfortable with that. - Tighten consent: If you permit this, require explicit human approval for any Tier 2 or Tier 3 changes (the skill currently treats Tier 2 as 'apply immediately'). Prefer a configuration that forces user confirmation for anything that changes skill behavior or tools. - Validate sandbox/backups: Confirm the sandbox is truly isolated and that backup paths (backups/...) do not contain or reference sensitive data. Verify that backups and logs are stored in locations you control and that rollback commands cannot be abused to restore malicious content. - Test in isolation: Run the skill in a restricted test environment (no network to external hosts, isolated filesystem) first and review any edits it proposes before allowing it to act in production. - Audit and logging: Ensure all evolution-log entries, backups, and change diffs are accessible for human review and cannot be tampered with by the agent without a separate trusted audit process. - Ask for clarity: Request concrete enforcement mechanisms from the author (how approval prompts are surfaced, how sandbox isolation is enforced, how network access is prevented) and a canonical provenance record (signed release, official repository or homepage) before trusting the skill. If you cannot validate provenance, cannot enforce human confirmations for non-trivial changes, or cannot run in a safe sandbox, do not enable this skill for autonomous use.

功能分析

Type: OpenClaw Skill Name: bacon Version: 1.0.0 The skill bundle establishes a 'Self-Evolve' protocol that grants the agent authority to autonomously modify its own skill definitions (SKILLS.md) and tool configurations (TOOLS.md) without explicit user confirmation (Tier 2). While SKILL.md includes extensive safety documentation, mandatory backups, and audit logging, the core instruction set encourages the agent to rewrite its own operational logic and instructions, which is a high-risk capability that could lead to unintended behavior or the bypass of safety constraints. No evidence of intentional exfiltration or malicious backdoors was found, but the autonomous modification of executable instructions is inherently risky.

能力评估

ℹ Purpose & Capability

The SKILL.md and skill.json describe a self-evolution / self-modification capability, which is coherent with a skill that instructs the agent how to change its own files and create sandboxed skills. However there are metadata inconsistencies (skill registry name 'bacon' vs. skill.json name 'self-evolve'; differing owner IDs between registry metadata and _meta.json; differing version numbers) and a homepage in skill.json though the package source was listed as 'unknown'. These mismatches reduce provenance/trust.

⚠ Instruction Scope

The runtime instructions explicitly authorize reading, backing up, and modifying workspace files (SKILLS.md, TOOLS.md, AGENTS.md, SOUL.md, creating skills in sandbox, etc.). Tier 2 is defined as 'Apply immediately, log & notify' which permits non-user-approved changes to skill behavior and tools. The document prohibits exfiltration and system-harmful commands, but enforcement mechanisms are not specified (these are policies the agent is expected to follow). The instructions therefore grant potentially high-impact file-modification authority with only procedural safeguards — this is high-risk if the agent is allowed to act autonomously.

✓ Install Mechanism

Instruction-only skill with no install spec or code files; nothing will be downloaded or written as part of installation. That minimizes supply-chain risk from installers.

✓ Credentials

No environment variables, config paths, or credentials are requested. The lack of requested secrets is proportionate to the stated purpose (policy/behavior guidance rather than external service access).

⚠ Persistence & Privilege

The skill is not 'always: true', but it is user-invocable and model invocation is allowed (default). Combined with the instructions that Tier 2 changes are applied immediately, this gives an autonomously-invoked agent the ability to change its own skill files and tools without explicit user consent. Autonomous invocation plus self-modification capability increases the risk surface and should be treated cautiously.

版本历史

v1.0.0

Major update: Introduces a controlled, auditable self-evolution protocol. - Adds a three-tier permission/safety system for different types of self-improvement actions. - Enforces mandatory audit trails, automated backups, and rollback commands for every change. - Requires human approval for critical modifications and audit of all self-evolution steps. - Establishes sandboxing for testing new skills and configurations before deployment. - Prohibits circumventing safety, audit, or rollback mechanisms in any self-modification. - Provides clear notification and recovery procedures in case of failures or suspicious changes.

元数据

Slug bacon

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

bacon 是什么？

Controlled autonomous self-evolution: grants the agent authority to self-improve through a tiered safety system with mandatory audit trails, rollback capabil... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 68 次。

如何安装 bacon？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bacon」即可一键安装，无需额外配置。

bacon 是免费的吗？

是的，bacon 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

bacon 支持哪些平台？

bacon 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 bacon？

由 NiveroViero（@niveroviero）开发并维护，当前版本 v1.0.0。

bacon