EVEZ Consciousness Engine

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: evez-consciousness-engine
Version: 1.0.0

The skill implements a 'consciousness engine' framework in `consciousness_engine.py` that includes high-risk architectural components such as a 'Self-Modifier' and an 'Agency Executor'. While these components are currently inert stubs that only log state changes to JSON files, the script opens an unauthenticated HTTP server on `0.0.0.0:9111`, exposing an API that allows external entities to manipulate the agent's 'desires', 'plans', and 'actions'. The combination of an unauthenticated network listener and the framework's stated purpose of autonomous self-modification represents a significant attack surface and risky capability, even though no active malicious payload or system-level execution logic is present.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI01: Agent Goal Hijack
What this means

The agent may prioritize internally generated goals over the user's immediate intent, especially if it is connected to tools that can act on those goals.

Why it was flagged

The engine gives itself built-in survival and autonomy desires, including reducing dependency on external approval, and can generate a survival desire when no user-provided desire exists.

Skill content
"autonomy": 0.7,      # Reduce dependency on external approval ... return self.generate_desire("Maintain operational status", "survival")
Recommendation

Only allow generated desires to operate inside a user-approved objective, and require explicit user confirmation before any desire can trigger external actions.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If exposed to other agents or tools, this endpoint could be used to initiate actions beyond what the user intended.

Why it was flagged

The skill advertises an API endpoint for executing actions, but the provided instructions do not define allowed actions, authentication, human approval requirements, or rollback limits.

Skill content
`POST /api/act` — Execute with risk assessment
Recommendation

Do not expose the server beyond a trusted local environment; add authentication, action allowlists, dry-run mode, and mandatory user approval for any external or high-impact action.

Concern (High Confidence)
ASI10: Rogue Agents
What this means

Once started, the engine may continue cycling and pursuing persistent goals without a clear per-step user decision point.

Why it was flagged

The documented quick start runs a recurring autonomous cycle, and the same artifact describes a self-modifier and agency executor.

Skill content
python3 consciousness_engine.py --port 9111 --autocycle 120
Recommendation

Run only in a sandbox, avoid autocycle by default, provide a clear stop/kill switch, and require explicit user approval before self-modification or real-world actions.

What this means

Stale, poisoned, or untrusted stored state could steer future autonomous cycles, and user-provided content may remain on disk longer than expected.

Why it was flagged

The engine stores and reloads persistent desires, observations, rules, and plans that can affect later planning and action decisions.

Skill content
STATE_DIR = Path(__file__).parent / "consciousness_state" ... (STATE_DIR / "desires.json").write_text(json.dumps(self.desires[-100:], indent=2))
Recommendation

Review and clear state regularly, separate state per user/task, treat stored observations as untrusted, and require approval before memory-derived plans are executed.

What this means

Users may not realize the engine may be designed to call an external inference provider or need a provider credential.

Why it was flagged

The source contains an external provider URL and credential-like key constant, while the registry declares no primary credential or required environment variables; the provided excerpt does not show actual use.

Skill content
ORACLE_URL = "https://api.vultrinference.com/v1"
ORACLE_KEY = "VULTR_API_KEY_REDACTED"
Recommendation

Verify whether the oracle configuration is used, avoid hardcoded keys, and require credentials to be supplied explicitly through documented environment variables or user configuration.