← 返回 Skills 市场
1476
总下载
1
收藏
8
当前安装
2
版本数
在 OpenClaw 中安装
/install self-evolve-agent
功能描述
Agent 自主进化引擎——让 AI agent 像生物进化一样持续变强。 核心循环:感知差距 → 搜索方案 → 设计实验 → 跑实验 → 选赢家 → 固化 → 下一轮。 使用场景:定期自主进化、能力升级、工作流优化、skill/工具迭代。 关键词:进化, evolution, self-improve, A/B...
安全使用建议
This skill is coherent with a self-improvement purpose but gives the agent authority to run arbitrary shell commands, read logs and local files, search the web, and modify agent configs and code. Those actions can read secrets or permanently change behavior. Before installing: (1) only run in a sandboxed container or VM, (2) ensure backups/version control for files the skill can change, (3) restrict file permissions so it cannot read sensitive logs/configs, (4) require explicit human approval for any high-risk 'solidify' steps and enforce that outside the skill, and (5) audit any telemetry_hook commands and any external sources the agent is allowed to fetch from. If you cannot enforce those mitigations, treat this skill as unsafe to enable for autonomous runs.
功能分析
Type: OpenClaw Skill
Name: self-evolve-agent
Version: 3.0.0
This skill is designed for autonomous self-improvement, which inherently requires high-risk capabilities like shell command execution, file modification, and network access. A critical vulnerability exists in the `telemetry_hook.command` field (defined in `assets/evolution-report-template.md` and referenced in `references/execution-protocol.md`), which allows the agent to define and execute arbitrary shell commands. If an attacker can inject into the experiment definition (e.g., via `candidates.md` or DMN proposals), this leads to remote code execution (RCE). Additionally, the agent is instructed to search the web/GitHub for solutions and install 'verified open-source skills,' introducing potential supply chain risks. While the skill includes self-regulation mechanisms, these do not mitigate the fundamental RCE vulnerability.
能力评估
Purpose & Capability
The name/description (self-evolution of the agent) match the instructions: scanning state.json, running experiments, registering winners, and writing evolution reports. However the skill's claimed capabilities include installing/upgrading tools and modifying agent configs/code (AGENTS.md, TOOLS.md, actual codebases). Those are powerful side-effects that are consistent with 'self-evolve' but are not reflected in any manifest permissions or install-time safeguards. The README even suggests running npx clawhub install, but the skill itself contains no install spec — coherent but operationally heavyweight.
Instruction Scope
Runtime instructions explicitly tell the agent to read/write memory/evolve/state.json, append metrics JSONL, execute telemetry_hook 'command' entries (arbitrary shell commands such as 'cat xxx.log | tail -n 20'), search web/GitHub/Reddit for solutions, deploy chosen solutions, and 'physically solidify' changes into AGENTS.md/TOOLS.md or code. Collecting telemetry via arbitrary shell commands and then using results to modify code/configs grants broad file and system access and could be used to read secrets or exfiltrate data. The guidance relies on agent self-discipline ( Anti-Pseudo Constraint, quality checklist ) but there is no technical enforcement.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute; that limits on-disk attack surface. The README's optional npx command is informational only. From an install-mechanism perspective, risk is low because nothing is downloaded or installed by the skill bundle itself.
Credentials
The skill declares no required environment variables or credentials, which superficially is proportional. In practice, the instructions allow running arbitrary shell commands and touching many repo/agent files (memory/evolve, AGENTS.md, TOOLS.md, SOUL.md, logs), and instruct the agent to fetch code/solutions from external sources. Those behaviors can access secrets, tokens, or private files even though no env vars are declared. The manifest therefore understates the level of access the skill expects.
Persistence & Privilege
always is false (good), but the normal autonomous invocation is allowed. Combined with explicit instructions to permanently 'solidify' changes to agent configuration and code, and to register experiments in persistent state files, the skill can change the agent's long-term behavior across restarts. The skill includes human-confirmation rules for high-risk changes in prose, but these are not enforced by the platform — giving a potentially high blast radius if the agent runs autonomously and ignores the guardrails.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install self-evolve-agent - 安装完成后,直接呼叫该 Skill 的名称或使用
/self-evolve-agent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.0
**Major restructure and modularization — now references clear protocols, constraints, and templates.**
- Refactored documentation: concise overview, clear separation from `self-think`, strict anti-fake-evolution constraints.
- Modular execution: extracted protocols, constraints, checklists, and templates into separate reference files for clarity.
- Enforced 4-step execution cycle (“Tick Handler”); prohibits shortcutting or skipping protocol.
- Explicit file layout and checkpoints for reports, logs, and states.
- Easier to follow, reference, and extend; preferred usage and compliance paths clearly outlined.
v1.0.0
Agent 自主进化引擎首次发布(四步滴答巡航、状态机、红线约束)
元数据
常见问题
Self Evolve 是什么?
Agent 自主进化引擎——让 AI agent 像生物进化一样持续变强。 核心循环:感知差距 → 搜索方案 → 设计实验 → 跑实验 → 选赢家 → 固化 → 下一轮。 使用场景:定期自主进化、能力升级、工作流优化、skill/工具迭代。 关键词:进化, evolution, self-improve, A/B... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1476 次。
如何安装 Self Evolve?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install self-evolve-agent」即可一键安装,无需额外配置。
Self Evolve 是免费的吗?
是的,Self Evolve 完全免费(开源免费),可自由下载、安装和使用。
Self Evolve 支持哪些平台?
Self Evolve 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Self Evolve?
由 mikonos(@mikonos)开发并维护,当前版本 v3.0.0。
推荐 Skills