← 返回 Skills 市场
88
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install meta-harness-evolver
功能描述
End-to-end Meta-Harness evolution for Hoss (OpenClaw agent). Runs nightly at 3 AM via OpenClaw cron. Reads Hoss's current workspace configs (SOUL.md, IDENTIT...
安全使用建议
This skill implements an automated loop that reads your agent's workspace (including config files and evolution traces), spawns sub-agents to propose edits, evaluates candidates, and posts summaries to a Discord channel. Before installing, consider the following mitigations:
- Confirm runtime dependencies: ensure the environment provides the 'openclaw' CLI and the openclaw.sessions API; the skill does not declare these dependencies but relies on them.
- Protect secrets: TOOLS.md and memory files may contain tokens/keys. Add programmatic checks that detect and reject any candidate that changes credential values or adds credential-like content. Do not rely on the proposer to obey textual rules.
- Harden validation: current validation only checks that files exist and are non-trivial length. Add automatic diff checks (detect changes to credential lines, large diffs, or additions of network endpoints) and block/post for human review when thresholds are exceeded.
- Sanitize external posts: the Discord posting step includes proposer reasoning and change summaries. Ensure messages are sanitized (strip secrets) and limit what fields are posted automatically; require manual approval for candidate diffs that touch TOOLS.md, MEMORY.md, or HEARTBEAT.md.
- Limit sub-agent privileges: run the proposer sub-agent in a sandboxed environment with read-only mounts for any truly sensitive files and explicit write-only areas for candidate output; enforce file-level policy checks after the proposer finishes and before evaluation.
- Add audit and alerting: log all proposer outputs and diffs to an audit location and notify a human (Tyler) before accepting candidates that change files beyond small diffs.
Given these gaps — missing declared dependencies, weak programmatic enforcement of 'do not change secrets', and automatic posting of proposer traces — treat the skill as suspicious until such safeguards are added.
能力评估
Purpose & Capability
The skill claims to read Hoss workspace configs, propose targeted edits, evaluate them, log results, and post summaries to Discord — and the included scripts implement that loop. However the SKILL metadata declares no required binaries or env vars while the scripts call the 'openclaw' CLI and import openclaw.sessions; this dependency is required for correct operation but is not declared in the skill metadata (incoherence).
Instruction Scope
Runtime instructions and scripts read entire workspace files (~/.openclaw/workspace) and all prior evolution artifacts and proposer traces. The proposer sub-agent is given the full evolution history and a workspace to write to. The post_to_research script assembles message text (including parts of proposer reasoning and diffs) and posts it to Discord, which could leak sensitive details. The code relies on the sub-agent to obey textual constraints (e.g., 'do NOT change credentials') but there is no programmatic enforcement preventing the proposer from reading or altering secrets or writing arbitrary content.
Install Mechanism
No install spec is provided and the skill is instruction + script-only. That minimizes supply-chain risk. There are no downloads or external install URLs in the manifest.
Credentials
The skill declares no required environment variables or primary credential, yet it reads workspace files that typically contain tool configurations and may contain credentials (TOOLS.md, memory files). It also invokes the OpenClaw CLI and openclaw.sessions which likely depend on runtime credentials/tokens available to the agent — but these requirements are not declared. The skill will have access to sensitive files by design (necessary for its purpose) but lacks explicit safeguards or minimization, increasing risk of exfiltration.
Persistence & Privilege
always:false (good), but the skill spawns sub-agents via openclaw.sessions.sessions_spawn and invokes the model autonomously (disable-model-invocation=false). The sub-agent is allowed to read/write harness files and proposer traces; validation is lightweight (checks file presence and length) and does not enforce forbidden changes (e.g., ensuring credentials are unchanged). Combined, this grants broad filesystem and agent-action capability with only soft, textual constraints — a risky configuration if the proposer or sub-agent behaves unexpectedly.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install meta-harness-evolver - 安装完成后,直接呼叫该 Skill 的名称或使用
/meta-harness-evolver触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: nightly Meta-Harness outer-loop evolution for OpenClaw agents
元数据
常见问题
Meta-Harness Evolver 是什么?
End-to-end Meta-Harness evolution for Hoss (OpenClaw agent). Runs nightly at 3 AM via OpenClaw cron. Reads Hoss's current workspace configs (SOUL.md, IDENTIT... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 88 次。
如何安装 Meta-Harness Evolver?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install meta-harness-evolver」即可一键安装,无需额外配置。
Meta-Harness Evolver 是免费的吗?
是的,Meta-Harness Evolver 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Meta-Harness Evolver 支持哪些平台?
Meta-Harness Evolver 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Meta-Harness Evolver?
由 Tyler(@tylerdotai)开发并维护,当前版本 v1.0.0。
推荐 Skills