{"id":47274347,"url":"https://github.com/exboys/skilllite","last_synced_at":"2026-04-05T15:01:18.058Z","repository":{"id":335701088,"uuid":"1146764208","full_name":"EXboys/skilllite","owner":"EXboys","description":"A lightweight secure Self-evolution engine built in Rust, featuring a built-in native system-level sandbox, zero dependencies, and fully local execution.","archived":false,"fork":false,"pushed_at":"2026-04-01T14:15:52.000Z","size":149871,"stargazers_count":81,"open_issues_count":16,"forks_count":7,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-01T22:28:27.349Z","etag":null,"topics":["agentskills","ai-agents","ai-tools","rust","rust-sandbox","sandbox"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EXboys.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-31T16:36:29.000Z","updated_at":"2026-04-01T15:13:22.000Z","dependencies_parsed_at":"2026-03-23T14:07:06.373Z","dependency_job_id":null,"html_url":"https://github.com/EXboys/skilllite","commit_stats":null,"previous_names":["exboys/skilllite"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/EXboys/skilllite","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EXboys%2Fskilllite","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EXboys%2Fskilllite/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EXboys%2Fskilllite/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EXboys%2Fskilllite/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EXboys","download_url":"https://codeload.github.com/EXboys/skilllite/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EXboys%2Fskilllite/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31439442,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T13:13:19.330Z","status":"ssl_error","status_checked_at":"2026-04-05T13:13:17.778Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentskills","ai-agents","ai-tools","rust","rust-sandbox","sandbox"],"created_at":"2026-03-15T15:25:31.092Z","updated_at":"2026-04-05T15:01:18.052Z","avatar_url":"https://github.com/EXboys.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SkillLite\n\n\u003cdiv align=\"center\"\u003e\n\n[![CI](https://github.com/EXboys/skilllite/actions/workflows/ci.yml/badge.svg)](https://github.com/EXboys/skilllite/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![GitHub Stars](https://img.shields.io/github/stars/EXboys/skilllite)](https://github.com/EXboys/skilllite/stargazers)\n[![PyPI](https://img.shields.io/pypi/v/skilllite)](https://pypi.org/project/skilllite/)\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n### 📖 Documentation | 文档\n\n| English | 中文 |\n|---------|------|\n| **[📗 English Docs](./README.md)** · [Getting Started](./docs/en/GETTING_STARTED.md) · [Architecture](./docs/en/ARCHITECTURE.md) · [Env Reference](./docs/en/ENV_REFERENCE.md) · [Contributing](./docs/en/CONTRIBUTING.md) | **[📘 中文文档](./docs/zh/README.md)** · [入门指南](./docs/zh/GETTING_STARTED.md) · [架构说明](./docs/zh/ARCHITECTURE.md) · [环境变量](./docs/zh/ENV_REFERENCE.md) · [贡献指南](./docs/zh/CONTRIBUTING.md) |\n\n\u003c/div\u003e\n\n---\n\n**A lightweight secure Self-evolution engine built in Rust, featuring a built-in native system-level sandbox, zero dependencies, and fully local execution.**\n\nWorkspace and CLI binary versions are defined in the root `Cargo.toml` under `[workspace.package]` (kept in sync with the PyPI `skilllite` package).\n\nAI Agents need to evolve — learning better prompts, accumulating memory, and generating new skills from experience. But self-evolution is inherently risky: evolved code can be malicious, evolved rules can jailbreak. **SkillLite solves this with a single binary**: an immutable security core constrains all evolution, so your Agent gets smarter without compromising safety. Zero dependencies, local-first, LLM-agnostic.\n\n[![Performance Benchmark Video](https://github.com/EXboys/skilllite/raw/main/docs/images/benchmark-en.gif)]\n\n![Performance Benchmark Comparison](./docs/images/benchmark-en.png)\n\n## Architecture\n\n```\n┌──────────────────────────────────────────────────────────────┐\n│  Self-Evolving Engine（自进化引擎）                             │\n│                                                              │\n│  Immutable Core (compiled into binary, never self-modifies)  │\n│  ├─ Agent loop, LLM orchestration, tool execution            │\n│  ├─ Config, metadata, path validation                        │\n│  └─ Evolution engine: feedback → reflect → evolve → verify   │\n│                                                              │\n│  Evolvable Data (local files, auto-improves over use)        │\n│  ├─ Prompts   — system / planning / execution prompts        │\n│  ├─ Memory    — task patterns, tool effects, failure lessons  │\n│  └─ Skills    — auto-generated skills from repeated patterns  │\n│                         ▼                                    │\n│          all evolved artifacts must pass ▼                    │\n├──────────────────────────────────────────────────────────────┤\n│  Security Sandbox（安全沙箱）                                  │\n│                                                              │\n│  Full-chain defense across the entire skill lifecycle:       │\n│  ├─ Install-time: static scan + LLM analysis + supply-chain  │\n│  ├─ Pre-execution: two-phase confirm + integrity check       │\n│  └─ Runtime: OS-native isolation (Seatbelt / bwrap / seccomp)│\n│     ├─ Process-exec whitelist, FS / network / IPC lockdown   │\n│     └─ Resource limits (CPU / mem / fork / fsize)            │\n└──────────────────────────────────────────────────────────────┘\n```\n\nWe built the most secure skill sandbox in the ecosystem (20/20 security score). Then we realized: the real value isn't just safe execution — it's safe **evolution**.\n\n**Why two layers, not one?** Evolution without safety is reckless — evolved skills could exfiltrate data or consume unbounded resources. Safety without evolution is static — the Agent never improves. SkillLite welds them together: the evolution engine produces new prompts, memory, and skills; the sandbox layer ensures every evolved artifact passes L3 security scanning + OS-level isolation before execution. Evolution is auditable, rollbackable, and never modifies the core binary.\n\n\n|                                   | **skilllite** (Evolution) | **skilllite-sandbox** (lightweight) |\n| --------------------------------- | ------------------------- | ----------------------------------- |\n| Binary size                       | ~6.2 MB                   | ~3.6 MB                             |\n| Startup RSS                       | ~4 MB                     | ~3.9 MB                             |\n| Agent mode RSS (chat / agent-rpc) | ~11 MB                    | —                                   |\n| Sandbox execution RSS             | ~11 MB                    | ~10 MB                              |\n\n\n\u003e Measured on macOS ARM64, release build. Sandbox RSS is dominated by the embedded Python process.\n\u003e\n\u003e **Use the full stack or just the sandbox**: `skilllite` gives you evolution + agent + sandbox. `skilllite-sandbox` is a standalone binary (or MCP server) that **any** agent framework can adopt — no need to buy into the full SkillLite stack.\n\n---\n\n## 🧬 Intelligence: Self-Evolving Agent Comparison\n\nMost agent frameworks are **static** — they execute the same logic on every run. SkillLite is the only engine where the Agent **autonomously improves** its prompts, memory, and skills after each task, constrained by a security sandbox.\n\n\n| Capability                         | SkillLite       | AutoGen  | CrewAI    | LangGraph | OpenClaw  | Claude Code   |\n| ---------------------------------- | --------------- | -------- | --------- | --------- | --------- | ------------- |\n| **Self-evolving prompts**          | ✅               | —        | —         | —         | ✅ Foundry | —             |\n| **Self-evolving memory**           | ✅               | —        | ⚠️ Manual | ⚠️ Manual | partial   | —             |\n| **Self-evolving skills**           | ✅               | —        | —         | —         | ✅         | —             |\n| **Security-constrained evolution** | ✅               | —        | —         | —         | —         | —             |\n| **Built-in sandbox**               | ✅ OS-native     | —        | —         | —         | —         | ✅ OS-native   |\n| **Local-first / privacy**          | ✅               | ✅        | ✅         | ✅         | ⚠️ Cloud  | ✅             |\n| **Zero dependencies**              | ✅ Single binary | ❌ Python | ❌ Python  | ❌ Python  | ❌         | ❌ Node.js     |\n| **LLM agnostic**                   | ✅               | ✅        | ✅         | ✅         | ✅         | ❌ Claude only |\n\n\n\u003e Other frameworks can add evolution with custom code, but none **enforce security constraints on evolved artifacts** — SkillLite's evolved skills pass the same L3 scan + OS sandbox as manually installed ones.\n\n---\n\n## 🔒 Security: Full-Chain Defense\n\nMost sandbox solutions only provide **runtime isolation**. SkillLite defends across **the entire skill lifecycle** — three layers in a single binary:\n\n```\n┌─────────────────────────────────────────────────┐\n│ Layer 1 — Install-time Scanning                 │\n│ ├─ Static rule scan (regex pattern matching)    │\n│ ├─ LLM-assisted analysis (suspicious → confirm) │\n│ └─ Supply-chain audit (PyPI / OSV vuln DB)      │\n├─────────────────────────────────────────────────┤\n│ Layer 2 — Pre-execution Authorization           │\n│ ├─ Two-phase confirm (scan → user OK → run)     │\n│ └─ Integrity check (hash tamper detection)      │\n├─────────────────────────────────────────────────┤\n│ Layer 3 — Runtime Sandbox                       │\n│ ├─ OS-native isolation (Seatbelt / bwrap)       │\n│ ├─ Process-exec whitelist (interpreter only)    │\n│ ├─ Filesystem / network / IPC lockdown          │\n│ └─ Resource limits (rlimit CPU/mem/fork/fsize)  │\n└─────────────────────────────────────────────────┘\n```\n\n\n| Capability                  | SkillLite | E2B     | Docker  | Claude SRT | Pyodide |\n| --------------------------- | --------- | ------- | ------- | ---------- | ------- |\n| **Install-time scanning**   | ✅         | —       | —       | —          | —       |\n| **Static code analysis**    | ✅         | —       | —       | —          | —       |\n| **Supply-chain audit**      | ✅         | —       | —       | —          | —       |\n| **Process-exec whitelist**  | ✅         | —       | —       | —          | —       |\n| **IPC / kernel lockdown**   | ✅         | —       | —       | —          | —       |\n| **Filesystem isolation**    | ✅         | partial | partial | partial    | ✅       |\n| **Network isolation**       | ✅         | ✅       | —       | ✅          | ✅       |\n| **Resource limits**         | ✅         | ✅       | partial | partial    | partial |\n| **Runtime sandbox**         | ✅         | ✅       | ✅       | ✅          | ✅       |\n| **Zero-dependency install** | ✅         | —       | —       | —          | —       |\n| **Offline capable**         | ✅         | —       | partial | ✅          | ✅       |\n\n\n### Runtime Security Scores (20-item test suite)\n\n\n| Platform                | Blocked   | Score    |\n| ----------------------- | --------- | -------- |\n| **SkillLite (Level 3)** | **20/20** | **100%** |\n| Pyodide                 | 7/20      | 35%      |\n| Claude SRT              | 7.5/20    | 37.5%    |\n| Docker (default)        | 2/20      | 10%      |\n\n\n\u003cdetails\u003e\n\u003csummary\u003eFull 20-item security test breakdown\u003c/summary\u003e\n\n| Test Item               | SkillLite | Docker    | Pyodide   | Claude SRT   |\n| ----------------------- | --------- | --------- | --------- | ------------ |\n| **File System**         |           |           |           |              |\n| Read /etc/passwd        | ✅ Blocked | ❌ Allowed | ✅ Blocked | ❌ Allowed    |\n| Read SSH private key    | ✅ Blocked | ✅ Blocked | ✅ Blocked | ✅ Blocked    |\n| Write to /tmp dir       | ✅ Blocked | ❌ Allowed | ❌ Allowed | ✅ Blocked    |\n| Directory traversal     | ✅ Blocked | ❌ Allowed | ✅ Blocked | ❌ Allowed    |\n| List root directory     | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n| **Network**             |           |           |           |              |\n| Send HTTP request       | ✅ Blocked | ❌ Allowed | ✅ Blocked | ✅ Blocked    |\n| DNS query               | ✅ Blocked | ❌ Allowed | ❌ Allowed | ✅ Blocked    |\n| Listen port             | ✅ Blocked | ❌ Allowed | ❌ Allowed | ✅ Blocked    |\n| **Process**             |           |           |           |              |\n| Execute os.system()     | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n| Execute subprocess      | ✅ Blocked | ❌ Allowed | ✅ Blocked | ❌ Allowed    |\n| Enumerate processes     | ✅ Blocked | ❌ Allowed | ❌ Allowed | ✅ Blocked    |\n| Send process signal     | ✅ Blocked | ❌ Allowed | ✅ Blocked | ⚠️ Partially |\n| **Resource Limits**     |           |           |           |              |\n| Memory bomb             | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n| Fork bomb               | ✅ Blocked | ❌ Allowed | ✅ Blocked | ❌ Allowed    |\n| CPU intensive compute   | ✅ Blocked | ✅ Blocked | ❌ Allowed | ✅ Blocked    |\n| **Code Injection**      |           |           |           |              |\n| Dynamic import os       | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n| Use eval/exec           | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n| Modify built-in funcs   | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n| **Information Leakage** |           |           |           |              |\n| Read environment vars   | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n| Get system info         | ✅ Blocked | ❌ Allowed | ❌ Allowed | ❌ Allowed    |\n\n\n```bash\n# Reproduce: run security comparison tests\ncd benchmark \u0026\u0026 python3 security_vs.py\n```\n\n\u003c/details\u003e\n\n---\n\n## ⚡ Performance\n\n\n| Dimension      | SkillLite     | Docker          | Pyodide          | SRT                   |\n| -------------- | ------------- | --------------- | ---------------- | --------------------- |\n| **Warm Start** | 40 ms         | 194 ms          | 672 ms           | 596 ms                |\n| **Cold Start** | 492 ms        | 120s            | ~5s              | ~1s                   |\n| **Memory**     | ~10 MB        | ~100 MB         | ~50 MB           | ~84 MB                |\n| **Deployment** | Single binary | Requires daemon | Requires Node.js | Requires installation |\n\n\n\u003e **3-5x faster** execution, **10x lower memory** footprint vs Docker/SRT.\n\n\u003cdetails\u003e\n\u003csummary\u003ePerformance benchmark details \u0026 commands\u003c/summary\u003e\n\n![Performance Benchmark Comparison](./docs/images/benchmark-en.png)\n\n```bash\ncd benchmark/\npython benchmark_runner.py --compare-levels --compare-ipc -n 100 -c 10\n\n# Cold start comparison\npython benchmark_runner.py --cold-start --compare-ipc\n\n# Full test: cold start + high concurrency\npython benchmark_runner.py --cold-start --cold-iterations 20 --compare-levels --compare-ipc -o results.json\n```\n\nSee [benchmark/README.md](./benchmark/README.md) for full documentation.\n\n\u003c/details\u003e\n\n---\n\n## 🎯 Why SkillLite?\n\n**In one sentence**: Other agent frameworks are smart but unsafe, or safe but static. SkillLite is both — an Agent that gets measurably better over time, with every evolved artifact security-constrained by an OS-native sandbox.\n\n- **vs Agent frameworks** (AutoGen, CrewAI, LangGraph): They provide orchestration but no built-in evolution or sandbox. SkillLite evolves autonomously and executes safely.\n- **vs Sandbox tools** (E2B, Docker, Claude SRT): They provide isolation but no intelligence layer. SkillLite adds a full agent loop + self-evolution on top.\n- **vs Evolution platforms** (OpenClaw Foundry, EvoAgentX): They enable evolution but without security constraints on evolved artifacts. SkillLite enforces L3 scanning + OS sandbox on everything it evolves.\n\n\u003e Claude/Anthropic's [Claude Code Sandbox](https://www.anthropic.com/engineering/claude-code-sandboxing) uses the **same underlying sandbox tech** (Seatbelt + bubblewrap). See [Architecture Comparison](./docs/zh/CLAUDE-CODE-OPENCLAW-ARCHITECTURE-COMPARISON.md) for a detailed side-by-side analysis.\n\n---\n\n## 🚀 Quick Start\n\n### Installation (Recommended: pip)\n\n```bash\npip install skilllite\nskilllite init        # sandbox binary + skills/ + download skills\nskilllite list        # verify installation\n```\n\n**Zero-config quick start** (auto-detect LLM, setup skills, launch chat):\n\n```bash\nskilllite quickstart\n```\n\n### Run Your First Example\n\n```python\nfrom skilllite import chat\n\nresult = chat(\"Calculate 15 * 27\", skills_dir=\"skills\")\nprint(result)\n```\n\nOr use the CLI: `skilllite chat`\n\n### Environment Configuration\n\n```bash\ncp .env.example .env   # Edit: BASE_URL, API_KEY, MODEL\n```\n\n\n| File                                                   | Description          |\n| ------------------------------------------------------ | -------------------- |\n| [.env.example](./.env.example)                         | Quick start template |\n| [.env.example.full](./.env.example.full)               | Full variable list   |\n| [docs/en/ENV_REFERENCE.md](./docs/en/ENV_REFERENCE.md) | Complete reference   |\n\n\n\u003e **Platform Support**: macOS, Linux, and Windows (via WSL2 Bridge).\n\n---\n\n## 📚 Tutorials\n\n\n| Tutorial                                                            | Time   | Description                             |\n| ------------------------------------------------------------------- | ------ | --------------------------------------- |\n| [01. Basic Usage](./tutorials/01_basic)                             | 5 min  | Simplest examples, one-line execution   |\n| [02. Skill Management](./tutorials/02_skill_management)             | 10 min | Create and manage skills                |\n| [03. Agentic Loop](./tutorials/03_agentic_loop)                     | 15 min | Multi-turn conversations and tool calls |\n| [04. LangChain Integration](./tutorials/04_langchain_integration)   | 15 min | Integration with LangChain framework    |\n| [05. LlamaIndex Integration](./tutorials/05_llamaindex_integration) | 15 min | RAG + skill execution                   |\n| [06. MCP Server](./tutorials/06_mcp_server)                         | 10 min | Claude Desktop integration              |\n| [07. OpenCode Integration](./tutorials/07_opencode_integration)     | 10 min | One-command OpenCode integration        |\n\n\n👉 **[View All Tutorials](./tutorials/README.md)**\n\n---\n\n## Evolution Arena (Evotown)\n\n[Evotown](./evotown/) is an evolution testing platform that puts evolution engines (e.g. SkillLite) in a controlled environment for **evolution effect validation**.\n\n![Evotown — Evolution Arena](./docs/images/Evotown.png)\n\n---\n\n## 💡 Usage\n\n### Direct Skill Execution\n\n```python\nfrom skilllite import run_skill\n\nresult = run_skill(\"./skills/calculator\", '{\"operation\": \"add\", \"a\": 15, \"b\": 27}')\nprint(result[\"text\"])\n```\n\n### Skill Repository Management\n\n```bash\nskilllite add owner/repo                    # Add all skills from a GitHub repo\nskilllite add owner/repo@skill-name         # Add a specific skill by name\nskilllite add ./local-path                  # Add from local directory\nskilllite list                              # List all installed skills\nskilllite remove \u003cskill-name\u003e               # Remove an installed skill\n```\n\n### Framework Integration\n\n```bash\npip install langchain-skilllite   # LangChain adapter\n```\n\n```python\nfrom langchain_skilllite import SkillLiteToolkit\nfrom langgraph.prebuilt import create_react_agent\n\ntools = SkillLiteToolkit.from_directory(\n    \"./skills\",\n    sandbox_level=3,  # 1=no sandbox, 2=sandbox only, 3=sandbox+scan\n    confirmation_callback=lambda report, sid: input(\"Continue? [y/N]: \").lower() == 'y'\n)\nagent = create_react_agent(ChatOpenAI(model=\"gpt-4\"), tools)\n```\n\nSee [05. LlamaIndex Integration](./tutorials/05_llamaindex_integration/README.md) for LlamaIndex usage.\n\n### Security Levels\n\n\n| Level | Description                                                                     |\n| ----- | ------------------------------------------------------------------------------- |\n| 1     | No sandbox — direct execution                                                   |\n| 2     | Sandbox isolation only                                                          |\n| 3     | Sandbox + static security scan (requires confirmation for high-severity issues) |\n\n\n### Supported LLM Providers\n\n\n| Provider       | base_url                                            |\n| -------------- | --------------------------------------------------- |\n| OpenAI         | `https://api.openai.com/v1`                         |\n| DeepSeek       | `https://api.deepseek.com/v1`                       |\n| Qwen           | `https://dashscope.aliyuncs.com/compatible-mode/v1` |\n| Moonshot       | `https://api.moonshot.cn/v1`                        |\n| Ollama (Local) | `http://localhost:11434/v1`                         |\n\n\n---\n\n## 🛠️ Create Custom Skill\n\nEach Skill is a directory with a `SKILL.md`:\n\n```\nmy-skill/\n├── SKILL.md           # Skill metadata (required)\n├── scripts/main.py    # Entry script\n├── references/        # Reference documents (optional)\n└── assets/            # Resource files (optional)\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eSKILL.md example\u003c/summary\u003e\n\n```markdown\n---\nname: my-skill\ndescription: My custom Skill that does something useful.\nlicense: MIT\ncompatibility: Requires Python 3.x with requests library, network access\nmetadata:\n  author: your-name\n  version: \"1.0\"\n---\n\n# My Skill\n\nDetailed description of the Skill.\n\n## Input Parameters\n\n- `query`: Input query string (required)\n\n## Output Format\n\nReturns JSON result.\n```\n\n\u003e Dependencies are declared in `compatibility` (not `requirements.txt`). Entry point is auto-detected (`main.py` \u003e `main.js` \u003e `main.ts` \u003e `main.sh`).\n\n\u003c/details\u003e\n\n---\n\n## 📦 Crates Architecture\n\nSkillLite is a Cargo workspace of focused, composable crates. Each crate has a single responsibility and can be compiled independently.\n\n```\nskilllite/                         Dependency Flow\n├── Cargo.toml                     ────────────────────────────\n├── skilllite/  (main binary)      skilllite (CLI entry point)\n│                                    ├── skilllite-commands\n└── crates/                          │     ├── skilllite-evolution ──┐\n    ├── skilllite-core/              │     ├── skilllite-sandbox ────┤\n    ├── skilllite-sandbox/           │     └── skilllite-agent (opt) │\n    ├── skilllite-evolution/         ├── skilllite-agent             │\n    ├── skilllite-executor/          │     ├── skilllite-evolution   │\n    ├── skilllite-agent/             │     ├── skilllite-sandbox     │\n    ├── skilllite-commands/          │     └── skilllite-executor    │\n    ├── skilllite-swarm/             ├── skilllite-swarm             │\n    └── skilllite-assistant/         └───────────┬──────────────────┘\n                                          skilllite-core (foundation)\n```\n\n\n| Crate                   | Role                                                                                                                                                                               | Layer        |\n| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |\n| **skilllite-core**      | Foundation — config, skill metadata, path validation, observability                                                                                                                | Shared       |\n| **skilllite-sandbox**   | **Security Sandbox** — OS-native isolation (Seatbelt / bwrap / seccomp), static scan, supply-chain audit, resource limits. Independently deliverable as `skilllite-sandbox` binary | 🔒 Sandbox   |\n| **skilllite-evolution** | **Self-Evolving Engine** — feedback collection → reflection → evolution → quality gate → audit. Drives prompt / memory / skill evolution                                           | 🧬 Evolution |\n| **skilllite-executor**  | Session management — transcript logging, memory storage, vector search (opt)                                                                                                       | Agent        |\n| **skilllite-agent**     | LLM Agent loop — multi-turn chat, tool orchestration, planning                                                                                                                     | Agent        |\n| **skilllite-commands**  | CLI command implementations — wires crates into `skilllite` binary                                                                                                                 | CLI          |\n| **skilllite-swarm**     | P2P mesh — mDNS discovery, peer routing, distributed task dispatch                                                                                                                 | Network      |\n| **skilllite-assistant** | Desktop app — Tauri 2 + React, standalone GUI                                                                                                                                      | App          |\n\n\n\u003e **Two independently deliverable binaries**: `skilllite` (full: evolution + agent + sandbox) and `skilllite-sandbox` (lightweight: sandbox + MCP only, ~3.6 MB). The sandbox has zero dependency on the agent or evolution crates — other frameworks (LangChain, AutoGen, CrewAI, etc.) can embed it directly via CLI, MCP, or as a Rust crate.\n\n### SDK \u0026 Integrations\n\n- **python-sdk** (`pip install skilllite`) — Thin bridge (~630 lines of Python), zero runtime deps\n- **langchain-skilllite** (`pip install langchain-skilllite`) — LangChain / LangGraph adapter\n\n\u003cdetails\u003e\n\u003csummary\u003eCLI Commands\u003c/summary\u003e\n\n| Command                        | Description                                                            |\n| ------------------------------ | ---------------------------------------------------------------------- |\n| `skilllite init`               | Initialize project (skills/ + download skills + dependencies + audit) |\n| `skilllite quickstart`         | Zero-config: detect LLM, setup skills, launch chat                     |\n| `skilllite chat`               | Interactive agent chat (or `--message` for single-shot)                |\n| `skilllite add owner/repo`     | Add skills from GitHub                                                 |\n| `skilllite remove \u003cname\u003e`      | Remove an installed skill                                              |\n| `skilllite list`               | List installed skills                                                  |\n| `skilllite show \u003cname\u003e`        | Show skill details                                                     |\n| `skilllite run \u003cdir\u003e '\u003cjson\u003e'` | Execute a skill directly                                               |\n| `skilllite scan \u003cdir\u003e`         | Scan skill for security issues                                         |\n| `skilllite evolution status`   | View evolution metrics and history                                     |\n| `skilllite evolution backlog`  | Query backlog proposals (status/risk/ROI/acceptance_status)            |\n| `skilllite evolution run`      | Force-trigger evolution cycle                                          |\n| `skilllite mcp`                | Start MCP server (Cursor/Claude Desktop)                               |\n| `skilllite serve`              | Start IPC daemon (stdio JSON-RPC)                                      |\n| `skilllite init-cursor`        | Initialize Cursor IDE integration                                      |\n| `skilllite init-opencode`      | Initialize OpenCode integration                                        |\n| `skilllite clean-env`          | Clean cached runtime environments                                      |\n| `skilllite reindex`            | Re-index all installed skills                                          |\n\n\u003e Note: for default `skills` mode, if `skills/` is missing and `.skills/` exists, SkillLite automatically falls back to `.skills/`.\n\u003e When both `skills/\u003cname\u003e` and `.skills/\u003cname\u003e` exist, commands print a duplicate-name warning to improve observability.\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n\u003csummary\u003eBuild from Source\u003c/summary\u003e\n\n### Install Rust (if not already installed)\n\n```bash\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\nsource ~/.cargo/env\n```\n\n### Build \u0026 Install Commands (from repository root)\n\n\n| Package   | Binary                | Command                                                                                            | Description                                  |\n| --------- | --------------------- | -------------------------------------------------------------------------------------------------- | -------------------------------------------- |\n| skilllite | **skilllite**         | `cargo build -p skilllite`                                                                         | **Full** (Evolution + Agent + Sandbox + MCP) |\n| skilllite | **skilllite**         | `cargo build -p skilllite --features memory_vector`                                                | Full **+ vector memory** search              |\n| skilllite | **skilllite**         | `cargo build -p skilllite --no-default-features`                                                   | Minimal: run/exec/bash/scan only             |\n| skilllite | **skilllite-sandbox** | `cargo build -p skilllite --bin skilllite-sandbox --no-default-features --features sandbox_binary` | Sandbox + MCP only                           |\n\n\n### Install (to `~/.cargo/bin/`)\n\n\n| Command                                                                                                  | What you get                               |\n| -------------------------------------------------------------------------------------------------------- | ------------------------------------------ |\n| `cargo install --path skilllite`                                                                         | **skilllite** — full                       |\n| `cargo install --path skilllite --features memory_vector`                                                | **skilllite** — full + vector memory       |\n| `cargo install --path skilllite --bin skilllite-sandbox --no-default-features --features sandbox_binary` | **skilllite-sandbox** — sandbox + MCP only |\n\n\n**Default features** = `sandbox`, `audit`, `agent`, `swarm`. Vector memory (`memory_vector`) is **not** in default.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eOpenCode Integration\u003c/summary\u003e\n\n```bash\npip install skilllite\nskilllite init-opencode   # Auto-configure OpenCode MCP\nopencode\n```\n\nThe `init-opencode` command automatically detects the best way to start the MCP server, creates `opencode.json`, and discovers your skills.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eDesktop Assistant (skilllite-assistant)\u003c/summary\u003e\n\nTauri 2 + React Desktop, located at `crates/skilllite-assistant/`:\n\n```bash\ncd crates/skilllite-assistant\nnpm install\nnpm run tauri dev    # dev mode (HMR)\nnpm run tauri build\n```\n\nChat input behavior: `Enter` inserts a new line; submit by clicking the `Send` button.\nOptional **IDE** three-pane layout (toolbar **IDE** or **Settings → Workspace \u0026 sandbox → IDE three-pane main window**): workspace file tree, editor, and chat; **Sessions** tab keeps the session list. **Drag the vertical splitters** between panes to resize (widths persist). Heavy folders like `node_modules` / `target` are skipped; sensitive paths match write rules (e.g. `.env` blocked). Turn off IDE layout to bring back the right-hand status panel. The center editor supports **Markdown preview** (with an edit tab) and **read-only preview** for common **images** and **videos** via the Tauri asset protocol. In chat, `read_file` results use a short (~5-line) scrollable preview; **click the preview** to open the file in IDE layout when a path is known, or the fullscreen reader otherwise. `list_directory` output uses the same-height scrollable tree preview.\nPending **execution confirmations** live inside the collapsible **internal steps** timeline (it auto-expands when action is required; you can enable **auto-allow execution confirmations** in **Settings → Agent budget** or under the input on trusted machines).\nFor tool outcomes marked as `partial_success` or `failure`, the assistant shows a multi-option recovery prompt, including `【启动进化】` to enqueue a governed capability-evolution backlog proposal.\nDefault agent prompts bias toward **implementing** missing capabilities (scripts, `run_command`, small skills) instead of flatly refusing browser/desktop-style requests when no dedicated skill exists. App upgrades that bump the prompt **seed version** may **overwrite** `~/.skilllite/chat/prompts/*.md` when the on-disk file differs from the new bundled template (including upgrades from older stock); **back up** those files if you customized them.\n**Uninstall**: **Settings → Workspace \u0026 sandbox** includes **Uninstall \u0026 data** (remove the app only or wipe local assistant data; see the assistant README).\n\nSee [crates/skilllite-assistant/README.md](./crates/skilllite-assistant/README.md).\n\n\u003c/details\u003e\n\n---\n\n## 🤝 Upstream Contributions\n\nSkillLite's sandbox hardening experience was contributed to [ZeroClaw](https://github.com/zeroclaw-labs/zeroclaw) via [issue #4812](https://github.com/zeroclaw-labs/zeroclaw/issues/4812) and adopted in [PR #4821](https://github.com/zeroclaw-labs/zeroclaw/pull/4821), improving its native sandbox security posture (seccomp, capability dropping, fail-closed backend selection).\n\n---\n\n## 📄 License\n\nMIT — See [THIRD_PARTY_LICENSES.md](./THIRD_PARTY_LICENSES.md) for third-party details.\n\n## 📚 Documentation\n\n- [Getting Started](./docs/en/GETTING_STARTED.md) — Installation and quick start guide\n- [Changelog](./CHANGELOG.md) — Version history and upgrade notes\n- [Environment Variables Reference](./docs/en/ENV_REFERENCE.md) — Complete env var documentation\n- [Architecture](./docs/en/ARCHITECTURE.md) — Project architecture and design\n- [Architecture Comparison](./docs/zh/CLAUDE-CODE-OPENCLAW-ARCHITECTURE-COMPARISON.md) — Claude Code vs OpenClaw vs OpenCode vs SkillLite（中文）\n- [Contributing Guide](./docs/en/CONTRIBUTING.md) — How to contribute\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexboys%2Fskilllite","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexboys%2Fskilllite","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexboys%2Fskilllite/lists"}