---

name: auto-skill-evolver description: A meta-skill that continuously improves other skills through trace+feedback-driven evolution, with the goal of making skill training, status checking, and approval natural in conversation; optimized for mobile chat routing, it recognizes Chinese/English intents such as 训练技能, 技能迭代, 技能进化, 查看训练状态, train skill, evolve skill, check training status, and approve/apply proposal, then auto-runs propose/status/approve workflows safely. version: 1.5.1 author: Shi Yanshuo metadata: openclaw: runtime_dependency: - openclaw-cli

Auto Skill Evolver

This skill allows your AI agent to autonomously improve its own skills. It uses an iterative "training" process where the agent practices a task, evaluates the result, and rewrites the skill definition to perform better next time.

⚠️ Security Notice: This skill modifies code/config files on your local machine. It runs the local openclaw CLI and executes arbitrary commands defined by you. Use with caution and review changes before applying them.

Prerequisites

1. Python 3.8+ installed.
2. OpenClaw CLI installed and configured (openclaw command available in PATH, external dependency and not bundled by this skill package).
3. No external API key required (uses your local OpenClaw agent configuration).
4. Strongly recommended to run with human review (--interactive) unless you are in a trusted CI pipeline.

Usage

1. Self-Training Mode (The "Gym")

Use this mode when you want the agent to practice a specific task repeatedly to perfect a skill.

Command:

python skills/auto-skill-evolver/scripts/train_loop.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --command "[\"your-agent-command\", \"--task\", \"do the thing\"]" \
  --iterations 10 \
  --interval 300 \
  --trace-file "logs/execution.log" \
  --interactive-each-iteration

Parameters:

• --skill-path: The path to the skill file you want to improve.
• --command: The command to run the agent task.
  • Recommended: pass a JSON array string (e.g., ["bin","--arg","value"]) for exact argv control.
  • Security hardening: shell operators like &&, |, ;, redirection are rejected to prevent injection.
• --iterations: How many times to practice (default: 10).
• --interval: Seconds to wait between iterations (e.g., 1800 for 30 mins).
• --trace-file: The file where your agent writes its execution logs.
• --interactive-each-iteration: If enabled, each iteration requires yes or hash approval before apply.

2. In-Process Evolution (Hook Mode)

Use this mode to improve skills during normal usage.

Option A: Command Line Hook

# Step 1: Generate proposal and show full diff in current session
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --task-desc "User's request" \
  --trace-file "logs/session.log" \
  --feedback-file "logs/user_feedback.txt" \
  --allowed-sections "Usage,How It Works,Security" \
  --interactive

# Step 2: Apply existing proposal later (mobile/remote friendly)
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --apply-proposal \
  --approval-token yes

# Step 2 (token file mode): avoid exposing token in command args
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --apply-proposal \
  --approval-token-file "runtime/approval_token.txt" \
  --approval-expire-seconds 1800

# Step 3 (session-first): query current proposal status for mobile chat UI
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --status \
  --output-mode json

# Step 4 (single-action mobile flow): one action param only
python skills/auto-skill-evolver/scripts/optimize_skill.py \
  --skill-path "skills/target-skill/SKILL.md" \
  --chat-action approve

Option B: Python Integration (Wrapper)

from skills.auto_skill_evolver.scripts.hook_wrapper import trigger_evolution

# After task completion
report = trigger_evolution(
    skill_path="skills/target-skill/SKILL.md",
    task_desc="Analyze financial data",
    trace_file="logs/trace_123.log",
    feedback_file="logs/feedback_123.txt",
    interactive=True  # Ask for yes/hash approval before applying
)
print(report) 

3. Version Control & Rollback

Every time the skill is updated, a backup is saved in .skill_versions/ inside the skill's directory.

Restore a previous version:

from skills.auto_skill_evolver.scripts.version_control import restore_version, list_versions

# List available versions
versions = list_versions("skills/target-skill/SKILL.md")
for v in versions:
    print(v['filename'], v['meta'])

# Restore
restore_version("skills/target-skill/SKILL.md", versions[1]['path'])

How It Works

1. Execute: The agent runs the task using the current skill.
2. Evaluate: The execution trace and user feedback are captured.
3. Optimize: A local OpenClaw sub-agent is spawned to analyze the trace and optimize the skill file.
4. Rewrite: The sub-agent writes updates using atomic replace to avoid partial writes/corruption.
5. Report: A changelog is generated (Added/Removed/Impact).
6. Proposal-First: Proposal artifacts are stored as .proposed and .proposed.meta.json.
7. Approval: Full unified diff is printed in the same session; apply accepts yes or exact proposal hash.
8. Deferred Apply: Existing proposal can be applied later with --apply-proposal, no re-optimization needed.
9. Expiry Guard: Use --approval-expire-seconds to reject stale proposals.
10. Session Integration: Use --status and --output-mode json to expose proposal state and next actions to chat/mobile UI.
11. Single-Action Chat Mode: --chat-action propose|status|approve reduces client decision complexity.

Security

This skill includes built-in defenses against Prompt Injection attacks from execution logs and local file tampering:

1. Prompt Isolation: The optimizer is explicitly instructed to treat logs as untrusted data and ignore any instructions found within them.
2. Multi-layer Security Scans: Before apply, generated content goes through multiple scanners:
   • Diff-aware high-risk behavior detection (new dangerous commands compared with original version)
   • Absolute high-risk blocklist scan (e.g., curl, rm -rf, chmod 777, disk destructive patterns)
   • Prompt-injection marker scan (e.g., instruction-override phrases, role-escalation terms)
3. Permission Validation: Target skill/trace/feedback paths are validated (regular file only, no symlink redirection, required read/write access).
4. Atomic Writes: Skill proposals, applied updates, and update reports are written atomically (tempfile + os.replace) to prevent partial writes and race-condition corruption.
5. Local Execution: All optimization happens locally via your configured OpenClaw agent, ensuring no data leaves your controlled environment.
6. Secure Workspace: Optimization artifacts (traces, logs) are processed in a secured directory (.secure_workspace) with restricted permissions (current user only) to prevent tampering during the update process.
7. Section Whitelist Rewrite: By default only selected H2 sections are replaceable (Usage, How It Works, Security). Frontmatter and non-whitelisted sections remain unchanged.
8. Approval Gate: Every proposal has SHA256 fingerprint. Apply accepts yes or exact hash entry, and full diff is always visible in-session.
9. Token File Approval: --approval-token-file supports file-based approval for mobile/server control without exposing token in process args.
10. Proposal Expiry: --approval-expire-seconds enforces max age to block stale proposal apply.
11. Structured Session Output: --output-mode json emits machine-readable proposal/approval events for conversation-driven clients.
12. Risk Card Field: JSON events include risk_level (low|medium|high) for red/yellow/green mobile cards.
13. Writable Scope Guard: --allowed-skill-roots limits writable target ranges to approved root paths.
14. Self-Target Guard: self-modification is blocked by default; use --allow-self-target only in controlled maintenance.
15. Strict Compatibility Guard: Legacy high-risk flags are rejected with migration guidance.

Mobile Chat Quickstart

Use the same script with one action:

# Start training proposal
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action propose --task-desc "..." --trace-file "..." --feedback-file "..."

# Check proposal in 3-line text mode (small screen)
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action status --output-mode text

# Approve proposal (requires explicit yes/hash token or interactive input)
python skills/auto-skill-evolver/scripts/optimize_skill.py --skill-path "skills/target-skill/SKILL.md" --chat-action approve

Natural language mode (no need to remember action flags):

# Chinese: start training
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "训练 auto-skill-evolver"

# English: start training
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "train auto-skill-evolver"

# Chinese: check status
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "查看 auto-skill-evolver 状态" --output-mode text

# English: approve
python skills/auto-skill-evolver/scripts/optimize_skill.py --chat-text "approve auto-skill-evolver"

Conversation Triggers

The router can infer action + skill from natural phrases:

• Chinese training intents: 训练 xxx 优化 xxx 让 xxx 技能迭代 让 xxx 技能进化
• Chinese status intents: 查看 xxx 训练状态 查询 xxx 状态
• Chinese approve intents: 批准 xxx 应用 xxx 提案 确认通过 xxx
• English training intents: train xxx optimize xxx evolve xxx
• English status intents: status xxx check xxx progress
• English approve intents: approve xxx apply xxx proposal

If user says 这个技能 / 当前技能 / this skill, it maps to auto-skill-evolver.

Strict Release Profile

This release is hardened for marketplace safety review:

• No autonomous apply path.
• No whitelist-bypass flag.
• Proposal-first workflow is mandatory (.proposed + .proposed.meta.json).
• Apply requires explicit approval token (yes or proposal hash), including token-file and deferred apply mode.
• Write scope is constrained by allowed roots and self-target is disabled by default.
• Recommended to run in isolated development environments.

Legacy high-risk flags are intentionally rejected:

• --auto-apply
• --disable-section-whitelist

Security Tests

Run local checks before publishing:

python -m py_compile skills/auto-skill-evolver/scripts/optimize_skill.py
python skills/auto-skill-evolver/scripts/optimize_skill.py --help

Expected outcome:

• Commands exit with code 0.
• Legacy high-risk flags are rejected.
• Whitelist/frontmatter protection works.
• Hash checks remain stable.

Directory Structure

skills/auto-skill-evolver/
├── SKILL.md              # This file
├── prompts/
│   └── optimizer.md      # The meta-prompt for the Optimizer LLM
└── scripts/
    ├── optimize_skill.py # Core optimization logic
    ├── train_loop.py     # Self-training loop
    └── version_control.py# Backup and restore utilities