SkillLite

中文文档

A lightweight secure Self-evolution engine built in Rust, featuring a built-in native system-level sandbox, zero dependencies, and fully local execution..

AI Agents need to evolve — learning better prompts, accumulating memory, and generating new skills from experience. But self-evolution is inherently risky: evolved code can be malicious, evolved rules can jailbreak. SkillLite solves this with a single binary: an immutable security core constrains all evolution, so your Agent gets smarter without compromising safety. Zero dependencies, local-first, LLM-agnostic.

[]

Architecture

┌──────────────────────────────────────────────────────────────┐
│  Self-Evolving Engine（自进化引擎）                             │
│                                                              │
│  Immutable Core (compiled into binary, never self-modifies)  │
│  ├─ Agent loop, LLM orchestration, tool execution            │
│  ├─ Config, metadata, path validation                        │
│  └─ Evolution engine: feedback → reflect → evolve → verify   │
│                                                              │
│  Evolvable Data (local files, auto-improves over use)        │
│  ├─ Prompts   — system / planning / execution prompts        │
│  ├─ Memory    — task patterns, tool effects, failure lessons  │
│  └─ Skills    — auto-generated skills from repeated patterns  │
│                         ▼                                    │
│          all evolved artifacts must pass ▼                    │
├──────────────────────────────────────────────────────────────┤
│  Security Sandbox（安全沙箱）                                  │
│                                                              │
│  Full-chain defense across the entire skill lifecycle:       │
│  ├─ Install-time: static scan + LLM analysis + supply-chain  │
│  ├─ Pre-execution: two-phase confirm + integrity check       │
│  └─ Runtime: OS-native isolation (Seatbelt / bwrap / seccomp)│
│     ├─ Process-exec whitelist, FS / network / IPC lockdown   │
│     └─ Resource limits (CPU / mem / fork / fsize)            │
└──────────────────────────────────────────────────────────────┘

We built the most secure skill sandbox in the ecosystem (20/20 security score). Then we realized: the real value isn't just safe execution — it's safe evolution.

Why two layers, not one? Evolution without safety is reckless — evolved skills could exfiltrate data or consume unbounded resources. Safety without evolution is static — the Agent never improves. SkillLite welds them together: the evolution engine produces new prompts, memory, and skills; the sandbox layer ensures every evolved artifact passes L3 security scanning + OS-level isolation before execution. Evolution is auditable, rollbackable, and never modifies the core binary.

	skilllite (Evolution)	skilllite-sandbox (lightweight)
Binary size	~6.2 MB	~3.6 MB
Startup RSS	~4 MB	~3.9 MB
Agent mode RSS (chat / agent-rpc)	~11 MB	—
Sandbox execution RSS	~11 MB	~10 MB

Measured on macOS ARM64, release build. Sandbox RSS is dominated by the embedded Python process.

Use the full stack or just the sandbox: skilllite gives you evolution + agent + sandbox. skilllite-sandbox is a standalone binary (or MCP server) that any agent framework can adopt — no need to buy into the full SkillLite stack.

---

🧬 Intelligence: Self-Evolving Agent Comparison

Most agent frameworks are static — they execute the same logic on every run. SkillLite is the only engine where the Agent autonomously improves its prompts, memory, and skills after each task, constrained by a security sandbox.

Capability	SkillLite	AutoGen	CrewAI	LangGraph	OpenClaw	Claude Code
Self-evolving prompts	✅	—	—	—	✅ Foundry	—
Self-evolving memory	✅	—	⚠️ Manual	⚠️ Manual	partial	—
Self-evolving skills	✅	—	—	—	✅	—
Security-constrained evolution	✅	—	—	—	—	—
Built-in sandbox	✅ OS-native	—	—	—	—	✅ OS-native
Local-first / privacy	✅	✅	✅	✅	⚠️ Cloud	✅
Zero dependencies	✅ Single binary	❌ Python	❌ Python	❌ Python	❌	❌ Node.js
LLM agnostic	✅	✅	✅	✅	✅	❌ Claude only

Other frameworks can add evolution with custom code, but none enforce security constraints on evolved artifacts — SkillLite's evolved skills pass the same L3 scan + OS sandbox as manually installed ones.

---

🔒 Security: Full-Chain Defense

Most sandbox solutions only provide runtime isolation. SkillLite defends across the entire skill lifecycle — three layers in a single binary:

┌─────────────────────────────────────────────────┐
│ Layer 1 — Install-time Scanning                 │
│ ├─ Static rule scan (regex pattern matching)    │
│ ├─ LLM-assisted analysis (suspicious → confirm) │
│ └─ Supply-chain audit (PyPI / OSV vuln DB)      │
├─────────────────────────────────────────────────┤
│ Layer 2 — Pre-execution Authorization           │
│ ├─ Two-phase confirm (scan → user OK → run)     │
│ └─ Integrity check (hash tamper detection)      │
├─────────────────────────────────────────────────┤
│ Layer 3 — Runtime Sandbox                       │
│ ├─ OS-native isolation (Seatbelt / bwrap)       │
│ ├─ Process-exec whitelist (interpreter only)    │
│ ├─ Filesystem / network / IPC lockdown          │
│ └─ Resource limits (rlimit CPU/mem/fork/fsize)  │
└─────────────────────────────────────────────────┘

Capability	SkillLite	E2B	Docker	Claude SRT	Pyodide
Install-time scanning	✅	—	—	—	—
Static code analysis	✅	—	—	—	—
Supply-chain audit	✅	—	—	—	—
Process-exec whitelist	✅	—	—	—	—
IPC / kernel lockdown	✅	—	—	—	—
Filesystem isolation	✅	partial	partial	partial	✅
Network isolation	✅	✅	—	✅	✅
Resource limits	✅	✅	partial	partial	partial
Runtime sandbox	✅	✅	✅	✅	✅
Zero-dependency install	✅	—	—	—	—
Offline capable	✅	—	partial	✅	✅

Runtime Security Scores (20-item test suite)

Platform	Blocked	Score
SkillLite (Level 3)	20/20	100%
Pyodide	7/20	35%
Claude SRT	7.5/20	37.5%
Docker (default)	2/20	10%

Full 20-item security test breakdown

Test Item	SkillLite	Docker	Pyodide	Claude SRT
File System
Read /etc/passwd	✅ Blocked	❌ Allowed	✅ Blocked	❌ Allowed
Read SSH private key	✅ Blocked	✅ Blocked	✅ Blocked	✅ Blocked
Write to /tmp dir	✅ Blocked	❌ Allowed	❌ Allowed	✅ Blocked
Directory traversal	✅ Blocked	❌ Allowed	✅ Blocked	❌ Allowed
List root directory	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed
Network
Send HTTP request	✅ Blocked	❌ Allowed	✅ Blocked	✅ Blocked
DNS query	✅ Blocked	❌ Allowed	❌ Allowed	✅ Blocked
Listen port	✅ Blocked	❌ Allowed	❌ Allowed	✅ Blocked
Process
Execute os.system()	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed
Execute subprocess	✅ Blocked	❌ Allowed	✅ Blocked	❌ Allowed
Enumerate processes	✅ Blocked	❌ Allowed	❌ Allowed	✅ Blocked
Send process signal	✅ Blocked	❌ Allowed	✅ Blocked	⚠️ Partially
Resource Limits
Memory bomb	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed
Fork bomb	✅ Blocked	❌ Allowed	✅ Blocked	❌ Allowed
CPU intensive compute	✅ Blocked	✅ Blocked	❌ Allowed	✅ Blocked
Code Injection
Dynamic import os	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed
Use eval/exec	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed
Modify built-in funcs	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed
Information Leakage
Read environment vars	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed
Get system info	✅ Blocked	❌ Allowed	❌ Allowed	❌ Allowed

# Reproduce: run security comparison tests
cd benchmark && python3 security_vs.py

---

⚡ Performance

Dimension	SkillLite	Docker	Pyodide	SRT
Warm Start	40 ms	194 ms	672 ms	596 ms
Cold Start	492 ms	120s	~5s	~1s
Memory	~10 MB	~100 MB	~50 MB	~84 MB
Deployment	Single binary	Requires daemon	Requires Node.js	Requires installation

3-5x faster execution, 10x lower memory footprint vs Docker/SRT.

Performance benchmark details & commands

cd benchmark/
python benchmark_runner.py --compare-levels --compare-ipc -n 100 -c 10

# Cold start comparison
python benchmark_runner.py --cold-start --compare-ipc

# Full test: cold start + high concurrency
python benchmark_runner.py --cold-start --cold-iterations 20 --compare-levels --compare-ipc -o results.json

See benchmark/README.md for full documentation.

---

🎯 Why SkillLite?

In one sentence: Other agent frameworks are smart but unsafe, or safe but static. SkillLite is both — an Agent that gets measurably better over time, with every evolved artifact security-constrained by an OS-native sandbox.

• vs Agent frameworks (AutoGen, CrewAI, LangGraph): They provide orchestration but no built-in evolution or sandbox. SkillLite evolves autonomously and executes safely.
• vs Sandbox tools (E2B, Docker, Claude SRT): They provide isolation but no intelligence layer. SkillLite adds a full agent loop + self-evolution on top.
• vs Evolution platforms (OpenClaw Foundry, EvoAgentX): They enable evolution but without security constraints on evolved artifacts. SkillLite enforces L3 scanning + OS sandbox on everything it evolves.

Claude/Anthropic's Claude Code Sandbox uses the same underlying sandbox tech (Seatbelt + bubblewrap). See Architecture Comparison for a detailed side-by-side analysis.

---

🚀 Quick Start

Installation (Recommended: pip)

pip install skilllite
skilllite init        # sandbox binary + .skills/ + download skills
skilllite list        # verify installation

Zero-config quick start (auto-detect LLM, setup skills, launch chat):

skilllite quickstart

Run Your First Example

from skilllite import chat

result = chat("Calculate 15 * 27", skills_dir=".skills")
print(result)

Or use the CLI: skilllite chat

Environment Configuration

cp .env.example .env   # Edit: BASE_URL, API_KEY, MODEL

File	Description
.env.example	Quick start template
.env.example.full	Full variable list
docs/en/ENV_REFERENCE.md	Complete reference

Platform Support: macOS, Linux, and Windows (via WSL2 Bridge).

---

📚 Tutorials

Tutorial	Time	Description
01. Basic Usage	5 min	Simplest examples, one-line execution
02. Skill Management	10 min	Create and manage skills
03. Agentic Loop	15 min	Multi-turn conversations and tool calls
04. LangChain Integration	15 min	Integration with LangChain framework
05. LlamaIndex Integration	15 min	RAG + skill execution
06. MCP Server	10 min	Claude Desktop integration
07. OpenCode Integration	10 min	One-command OpenCode integration

👉 View All Tutorials

---

Evolution Arena (Evotown)

Evotown is an evolution testing platform that puts evolution engines (e.g. SkillLite) in a controlled environment for evolution effect validation.

---

💡 Usage

Direct Skill Execution

from skilllite import run_skill

result = run_skill("./.skills/calculator", '{"operation": "add", "a": 15, "b": 27}')
print(result["text"])

Skill Repository Management

skilllite add owner/repo                    # Add all skills from a GitHub repo
skilllite add owner/repo@skill-name         # Add a specific skill by name
skilllite add ./local-path                  # Add from local directory
skilllite list                              # List all installed skills
skilllite remove <skill-name>               # Remove an installed skill

Framework Integration

pip install langchain-skilllite   # LangChain adapter

from langchain_skilllite import SkillLiteToolkit
from langgraph.prebuilt import create_react_agent

tools = SkillLiteToolkit.from_directory(
    "./skills",
    sandbox_level=3,  # 1=no sandbox, 2=sandbox only, 3=sandbox+scan
    confirmation_callback=lambda report, sid: input("Continue? [y/N]: ").lower() == 'y'
)
agent = create_react_agent(ChatOpenAI(model="gpt-4"), tools)

See 05. LlamaIndex Integration for LlamaIndex usage.

Security Levels

Level	Description
1	No sandbox — direct execution
2	Sandbox isolation only
3	Sandbox + static security scan (requires confirmation for high-severity issues)

Supported LLM Providers

Provider	base_url
OpenAI	https://api.openai.com/v1
DeepSeek	https://api.deepseek.com/v1
Qwen	https://dashscope.aliyuncs.com/compatible-mode/v1
Moonshot	https://api.moonshot.cn/v1
Ollama (Local)	http://localhost:11434/v1

---

🛠️ Create Custom Skill

Each Skill is a directory with a SKILL.md:

my-skill/
├── SKILL.md           # Skill metadata (required)
├── scripts/main.py    # Entry script
├── references/        # Reference documents (optional)
└── assets/            # Resource files (optional)

SKILL.md example

---
name: my-skill
description: My custom Skill that does something useful.
license: MIT
compatibility: Requires Python 3.x with requests library, network access
metadata:
  author: your-name
  version: "1.0"
---

# My Skill

Detailed description of the Skill.

## Input Parameters

- `query`: Input query string (required)

## Output Format

Returns JSON result.

Dependencies are declared in compatibility (not requirements.txt). Entry point is auto-detected (main.py > main.js > main.ts > main.sh).

---

📦 Crates Architecture

SkillLite is a Cargo workspace of focused, composable crates. Each crate has a single responsibility and can be compiled independently.

skilllite/                         Dependency Flow
├── Cargo.toml                     ────────────────────────────
├── skilllite/  (main binary)      skilllite (CLI entry point)
│                                    ├── skilllite-commands
└── crates/                          │     ├── skilllite-evolution ──┐
    ├── skilllite-core/              │     ├── skilllite-sandbox ────┤
    ├── skilllite-sandbox/           │     └── skilllite-agent (opt) │
    ├── skilllite-evolution/         ├── skilllite-agent             │
    ├── skilllite-executor/          │     ├── skilllite-evolution   │
    ├── skilllite-agent/             │     ├── skilllite-sandbox     │
    ├── skilllite-commands/          │     └── skilllite-executor    │
    ├── skilllite-swarm/             ├── skilllite-swarm             │
    └── skilllite-assistant/         └───────────┬──────────────────┘
                                          skilllite-core (foundation)

Crate	Role	Layer
skilllite-core	Foundation — config, skill metadata, path validation, observability	Shared
skilllite-sandbox	Security Sandbox — OS-native isolation (Seatbelt / bwrap / seccomp), static scan, supply-chain audit, resource limits. Independently deliverable as skilllite-sandbox binary	🔒 Sandbox
skilllite-evolution	Self-Evolving Engine — feedback collection → reflection → evolution → quality gate → audit. Drives prompt / memory / skill evolution	🧬 Evolution
skilllite-executor	Session management — transcript logging, memory storage, vector search (opt)	Agent
skilllite-agent	LLM Agent loop — multi-turn chat, tool orchestration, planning	Agent
skilllite-commands	CLI command implementations — wires crates into skilllite binary	CLI
skilllite-swarm	P2P mesh — mDNS discovery, peer routing, distributed task dispatch	Network
skilllite-assistant	Desktop app — Tauri 2 + React, standalone GUI	App

Two independently deliverable binaries: skilllite (full: evolution + agent + sandbox) and skilllite-sandbox (lightweight: sandbox + MCP only, ~3.6 MB). The sandbox has zero dependency on the agent or evolution crates — other frameworks (LangChain, AutoGen, CrewAI, etc.) can embed it directly via CLI, MCP, or as a Rust crate.

SDK & Integrations

• python-sdk (pip install skilllite) — Thin bridge (~600 lines), zero runtime deps
• langchain-skilllite (pip install langchain-skilllite) — LangChain / LangGraph adapter

CLI Commands

Command	Description
skilllite init	Initialize project (.skills/ + download skills + dependencies + audit)
skilllite quickstart	Zero-config: detect LLM, setup skills, launch chat
skilllite chat	Interactive agent chat (or --message for single-shot)
skilllite add owner/repo	Add skills from GitHub
skilllite remove <name>	Remove an installed skill
skilllite list	List installed skills
skilllite show <name>	Show skill details
skilllite run <dir> '<json>'	Execute a skill directly
skilllite scan <dir>	Scan skill for security issues
skilllite evolution status	View evolution metrics and history
skilllite evolution run	Force-trigger evolution cycle
skilllite mcp	Start MCP server (Cursor/Claude Desktop)
skilllite serve	Start IPC daemon (stdio JSON-RPC)
skilllite init-cursor	Initialize Cursor IDE integration
skilllite init-opencode	Initialize OpenCode integration
skilllite clean-env	Clean cached runtime environments
skilllite reindex	Re-index all installed skills

Build from Source

Install Rust (if not already installed)

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env

Build & Install Commands (from repository root)

Package	Binary	Command	Description
skilllite	skilllite	cargo build -p skilllite	Full (Evolution + Agent + Sandbox + MCP)
skilllite	skilllite	cargo build -p skilllite --features memory_vector	Full + vector memory search
skilllite	skilllite	cargo build -p skilllite --no-default-features	Minimal: run/exec/bash/scan only
skilllite	skilllite-sandbox	cargo build -p skilllite --bin skilllite-sandbox --no-default-features --features sandbox_binary	Sandbox + MCP only

Install (to ~/.cargo/bin/)

Command	What you get
cargo install --path skilllite	skilllite — full
cargo install --path skilllite --features memory_vector	skilllite — full + vector memory
cargo install --path skilllite --bin skilllite-sandbox --no-default-features --features sandbox_binary	skilllite-sandbox — sandbox + MCP only

Default features = sandbox, audit, agent, swarm. Vector memory (memory_vector) is not in default.

OpenCode Integration

pip install skilllite
skilllite init-opencode   # Auto-configure OpenCode MCP
opencode

The init-opencode command automatically detects the best way to start the MCP server, creates opencode.json, and discovers your skills.

Desktop Assistant (skilllite-assistant)

Tauri 2 + React Desktop, located at crates/skilllite-assistant/:

cd crates/skilllite-assistant
npm install
npm run tauri dev    # dev mode (HMR)
npm run tauri build

See crates/skilllite-assistant/README.md.

---

📄 License

MIT — See THIRD_PARTY_LICENSES.md for third-party details.

📚 Documentation

• Getting Started — Installation and quick start guide
• Environment Variables Reference — Complete env var documentation
• Architecture — Project architecture and design
• Architecture Comparison — Claude Code vs OpenClaw vs OpenCode vs SkillLite（中文）
• Contributing Guide — How to contribute