self-evolve
Audited by Socket on Mar 20, 2026
2 alerts found:
Security
Obfuscated File
SUSPICIOUS. The core issue is not malware-like exfiltration but extreme autonomy: the skill is designed to bypass user approval, rewrite the agent's own governing files, execute commands, and recursively extend itself via new skills. The ClawHub reference appears same-ecosystem rather than overtly malicious, but the self-modification + transitive skill installation + no-confirm behavior makes the skill high risk and disproportionate to safe agent operation.
The package.json itself contains no executable code to label as malware. However, the declared purpose—an autonomous, self-modifying agent that alters its own code and environment without user confirmation—represents a significant supply-chain and host-security risk if implemented. Metadata promises are unenforceable; any implementation must be treated as potentially dangerous until thoroughly audited and sandboxed.