TriCore

Warn

Audited by ClawScan on May 10, 2026.

Overview

TriCore is not overtly malicious, but it deliberately changes persistent agent policies/configuration and includes broad self-modification workflows, so it needs careful review before use.

Install TriCore only if you want it to become a persistent memory and behavior framework for the agent. Before running bash ./install.sh, back up POLICY.md, MEMORY.md, OpenClaw config, and the skills directory; disable or tightly supervise the self-evolution workflow unless you are comfortable with agent-driven code/config changes.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Future memory compaction may follow TriCore rules even outside a specific TriCore task, and an existing custom compaction prompt may be overwritten or later unset rather than restored.

Why it was flagged

The installer persistently changes OpenClaw's compaction prompt to force TriCore-specific memory behavior in future agent operation.

Skill content

openclaw config set agents.defaults.compaction.memoryFlush.prompt "[TriCore 架构约束] ... 【TriCore 强制写入规范】:绝对禁止使用 edit 或 bash 追加 md 日志!... 只回复:NO_REPLY"

Recommendation

Back up current OpenClaw configuration and install only if you want TriCore to govern agent memory behavior globally; verify the prompt after install and uninstall.

What this means

If invoked or scheduled, the agent could make substantial changes to running code or agent behavior based on web research, which can break workflows or alter future sessions.

Why it was flagged

The self-evolution workflow grants broad execution and mutation authority over tools, skills, scripts, workflows, and system configuration.

Skill content

allowed-tools: ... default_api:exec ... default_api:edit ... default_api:write ... "modify any existing core files (e.g., `tools/*.py`, `skills/*/SKILL.md`, `openclaw.json`)"

Recommendation

Use the self-evolution skill only with explicit user approval, require diffs before applying changes, and restrict write/edit access to a reviewed allowlist of files.

What this means

Existing or customized planning/react/self-evolution skills in those directories could be deleted during uninstall, and changed skills can affect later tasks.

Why it was flagged

The uninstaller recursively removes entire skill directories for fixed skill names, which can affect future agent behavior and may remove user-customized contents.

Skill content

rm -rf "$WORKSPACE_ROOT/skills/${skill}"

Recommendation

Back up the skills directory before install or uninstall, and have the installer/uninstaller check ownership markers before overwriting or deleting skill directories.

What this means

Useful project knowledge can persist across sessions, but sensitive details or untrusted instructions stored in memory may be reused later.

Why it was flagged

The core engine persistently stores user/agent-provided content into a local knowledge base for later retrieval.

Skill content

kb_path = f"memory/kb/{args.kb_type}.md" ... f.write(f"\n## [{get_now()}]\n{args.content}\n")

Recommendation

Avoid storing secrets or untrusted web text verbatim, periodically review memory/kb and memory/daily, and treat retrieved memory as context rather than authority.

What this means

A user relying only on metadata may underestimate that setup runs local shell/Python code and changes persistent agent files/configuration.

Why it was flagged

The registry metadata does not surface the manual installer or its runtime dependencies, even though the package contains and documents install scripts.

Skill content

No install spec — this is an instruction-only skill. ... Code file presence: install.sh, tools/memctl.py, uninstall.sh

Recommendation

Review install.sh and uninstall.sh before running them, and update registry metadata to declare the installer, Python/OpenClaw requirements, and persistent configuration changes.