v1.0.0

Evolution Toolkit

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:09 AM.

Analysis

The toolkit is coherent for agent self-improvement, but it deserves review because it persists analyses of workspace memory, can use Gemini/workspace secrets, and includes a protocol that can change the assistant’s default interaction style.

GuidanceInstall only if you want persistent agent self-improvement tooling. Point `EVOLUTION_TOOLKIT_WORKSPACE` at a dedicated workspace, keep secrets out of memory logs, use an explicit limited Gemini key if running the optimizer, and do not load the thinking-partner protocol as a default behavior unless you intentionally want that interaction style.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityMediumConfidenceHighStatusConcern

protocols/thinking-partner.md

_Status: ✅ Active — integrate into default engagement style_ ... reads this before engaging ... on any non-trivial problem.

This broadens a Socratic helper into a default behavior rule for non-trivial problems, which can redirect the assistant away from direct answers or recommendations.

User impactThe assistant may challenge, delay, or avoid direct recommendations even when the user wants straightforward execution.

RecommendationScope this protocol to explicit Socratic or thinking-partner requests, and remove the default-engagement and person-specific instructions unless the user intentionally wants them.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

`scripts/skill-optimizer.js` - Runs an iterative generate -> evaluate -> improve loop for a configurable playbook.

The playbook optimizer is disclosed and config-driven, but it can generate revised prompt/playbook content that may later change agent behavior if adopted.

User impactA poor optimizer configuration or model output could produce unsafe or lower-quality playbook instructions.

RecommendationWrite optimizer outputs to a separate file, diff and review changes manually, and test them before replacing any active prompt or playbook.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Required binaries: none

The registry provenance and runtime declarations are sparse even though the package contains runnable Node scripts. This is not evidence of malicious behavior, but it is a review point.

User impactUsers may run included scripts without clear registry-level provenance or complete runtime requirement declarations.

RecommendationVerify the package origin, inspect included scripts before use, and ensure Node and any provider credentials are intentionally configured.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

README.md

`skill-optimizer.js` looks for an API key in this order: 1. `GEMINI_API_KEY` 2. `GOOGLE_API_KEY` 3. Matching keys in your workspace `.secrets`

The optimizer can use provider credentials, including keys found in a local workspace secrets file. The behavior is disclosed and purpose-aligned, but credential discovery from `.secrets` is high-impact and should be tightly scoped.

User impactRunning the optimizer may use the user’s Gemini/Google account quota and may send configured playbook or test-case content to that provider.

RecommendationUse a dedicated, least-privilege API key via an explicit environment variable, avoid placing broad secrets in the workspace, and review optimizer configuration before running it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

`scripts/session-coherence.js` - Analyzes daily logs for persistent themes, energy, and drift. - Writes a report to `memory/research/` by default.

The skill reads private workspace memory logs and writes derived persistent reports. Similar documented workflows also use imprints and historical comparisons, so stored context can influence future sessions.

User impactPrivate session history, plans, and reasoning patterns may be summarized and preserved; inaccurate or adversarial notes in memory could also steer later agent behavior.

RecommendationUse a dedicated workspace, keep secrets and unrelated private files out of memory logs, review generated memory artifacts, and define a deletion or retention policy.