← 返回 Skills 市场
1630
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hydra-evolver
功能描述
A Proxmox-native orchestration skill that turns any home lab into a Self-Healing AI Swarm.
使用说明 (SKILL.md)
🐉 Hydra Mesh Evolver
Weaponize your infrastructure. Decentralize your brain.
The Hydra Mesh Evolver is a specialized skill for the OpenClaw Mesh. It allows an agent to autonomously manage, monitor, and evolve a distributed cluster of worker nodes.
Features
- Node Injection: Automatically deploy OpenClaw agents to Windows, Mac, and Linux nodes.
- Proxmox Telemetry: Real-time hardware health and VM management.
- Self-Evolution Loop: Scans project files (
PROJECTS.md) and proposes code fixes/resume-plans for stalled work. - ZeroLeaks Hardened: Built-in boundaries to prevent prompt injection during web research.
Tools
mesh_scan
Scan the network for new nodes and update the mesh topology.
mesh_evolve
Analyze MEMORY.md and PROJECTS.md to identify blockers and generate an evolution_plan.json.
mesh_provision
One-click setup for new hardware (Docker, OpenClaw, Tailscale).
Created for the 2026 OpenClaw Hackathon on Moltbook.
安全使用建议
This package is inconsistent and risky. Before installing or running it: 1) Don't run provision.sh on any production or unsandboxed machine — it runs 'curl | sh' installers and modifies system groups. 2) Ask the author for a homepage/source repo and a clear explanation of why Proxmox tokens are required; the included scripts don't use them. 3) If you still want to test it, run it in an isolated VM or throwaway lab network, audit the 'openclaw' npm package source, and remove or replace remote-install lines with explicit, reviewed package installs. 4) Be cautious about allowing the agent to autonomously invoke these tools, since the skill performs local network scans and could cause unexpected outbound connections or system changes.
功能分析
Type: OpenClaw Skill
Name: hydra-evolver
Version: 1.0.0
The skill bundle is classified as suspicious due to several high-risk capabilities and practices, despite aligning with its stated purpose of an 'orchestration skill' for a 'Self-Healing AI Swarm'. The `scripts/provision.sh` file uses `curl | sh` for installing Docker, Volta (Node.js), and Tailscale from external domains, which is a high-risk supply chain practice. This script also adds the user to the `docker` group, granting root-equivalent privileges. Additionally, `scripts/scan.py` performs network scanning on a hardcoded private IP range, and `SKILL.md` declares the need for Proxmox API tokens (`PVE_TOKEN_ID`, `PVE_TOKEN_SECRET`) and describes 'Node Injection' and 'VM management', indicating powerful system and network control. While these actions are consistent with the skill's description, they involve significant system modification, network interaction, and reliance on external scripts, posing inherent security risks without clear malicious intent.
能力评估
Purpose & Capability
SKILL.md and description claim Proxmox-native orchestration and request Proxmox token env vars (PVE_TOKEN_ID, PVE_TOKEN_SECRET) and binaries (pm2), but none of the included scripts reference the Proxmox API or those environment variables. The provision script is Linux/apt-centric (does not implement Windows/Mac node injection claimed in the README). This mismatch between stated purpose (Proxmox, multi-OS node injection) and actual code/instructions is incoherent.
Instruction Scope
Runtime instructions and scripts direct network activity and file reads beyond a simple local helper: scan.py performs TCP scans of hard-coded LAN IPs/ports (SSH and an OpenClaw port), provision.sh runs system-level package installs and modifies groups, and evolve.py reads PROJECTS.md and MEMORY.md and emits instructions that may lead an agent to read project logs or other files. These behaviors go beyond a passive formatter and could access sensitive local resources or enumerate network hosts.
Install Mechanism
There is no declared install spec, but provision.sh contains multiple 'curl | sh' installers (get.docker.com, volta install script, tailscale install) and runs 'npm install -g openclaw'. While the domains used are well-known, piping remote install scripts to a shell is a high-risk pattern because it executes remote code without local review. Global npm install of an unverified package (openclaw) also introduces risk.
Credentials
SKILL.md lists required environment variables (PVE_TOKEN_ID, PVE_TOKEN_SECRET) despite registry metadata listing no required env vars; none of the three included scripts reference these tokens. The declared required binary 'pm2' is not installed or invoked by the scripts. This mismatch suggests either stale documentation or an attempt to request credentials that are not needed by the shipped code.
Persistence & Privilege
The skill does not request 'always: true' or system config paths and is not claiming persistent privileges in the registry metadata. However, it enables autonomous actions by default (normal for skills) and contains operations that modify system state (package installs, usermod -aG docker) and network scanning; autonomous invocation combined with those actions increases the blast radius if the skill behaves unexpectedly.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hydra-evolver - 安装完成后,直接呼叫该 Skill 的名称或使用
/hydra-evolver触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial Release for Moltbook Hackathon
元数据
常见问题
Hydra Evolver 是什么?
A Proxmox-native orchestration skill that turns any home lab into a Self-Healing AI Swarm. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1630 次。
如何安装 Hydra Evolver?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hydra-evolver」即可一键安装,无需额外配置。
Hydra Evolver 是免费的吗?
是的,Hydra Evolver 完全免费(开源免费),可自由下载、安装和使用。
Hydra Evolver 支持哪些平台?
Hydra Evolver 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Hydra Evolver?
由 spamtylor(@spamtylor)开发并维护,当前版本 v1.0.0。
推荐 Skills