Audit Evolution
Pending: VirusTotal audit pending.
Overview
No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A brief reply could lead the agent to modify local skills or configuration in ways that persist into future runs.
A one-word shortcut can authorize local patching and testing. That is purpose-aligned, but local skill/config changes affect future agent behavior and the artifact does not clearly require a final diff, exact target paths, backup, rollback, or separate confirmation before mutation.
If the user replies only with “进化” (“evolve”), the Agent may apply local patches and local tests
Require explicit approval of the exact patch diff, target files, test command, backup location, and rollback plan before applying any local evolution patch.
A crafted or accidental note in a run record could steer future audits, and private details included in summaries may remain in local persistent files.
The hook writes raw summary and user-feedback text into a persistent run record that the agent is later told to prioritize. Those fields can contain untrusted instructions or sensitive content unless explicitly escaped and treated only as data.
## What Happened $SUMMARY ... ## User Feedback $USER_FEEDBACK ... printf "%s\n" "$RECORD" > "$LATEST_PATH"
Store run-record fields as quoted data, label user-provided fields as untrusted, prevent record content from becoming executable instructions, and provide retention/deletion controls for .audit-evolution records.
After installation, the agent may automatically invoke this audit loop after failures, benchmarks, context pressure, or other trigger events.
The installer intentionally persists auto-use instructions and hooks in the workspace. This fits the skill's purpose, but users should understand it changes future agent routing beyond a single invocation.
The installer will... write or update the target workspace's `AGENTS.md`... install `.audit-evolution/hooks/`
Install first in a test workspace, review the AGENTS.md block, and use the no-agents-update option if you do not want persistent routing changes.
