Funky Fund Flamingo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed self-evolution skill, but it pushes recurring changes to code, skills, memory, and workflows while reading private agent history, so it deserves careful review before use.

Install only if you intentionally want a self-evolution workflow. Start with --dry-run or --review, avoid --loop at first, keep backups or a clean git branch, inspect generated prompts before model submission, and do not allow automatic code/skill/memory changes without human approval.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

An agent using this skill could attempt to modify code, installed skills, memory, or workflows by default rather than only producing an audit report.

Why it was flagged

The skill directs broad mutation across important workspace assets and only makes human review conditional on an optional flag.

Skill content
scope: code, skills, memory, tooling, workflow ... checks: If script failed -> patch immediately ... review_pause enabled_when_flag_present: --review
Recommendation

Run it with --dry-run or --review first, keep the workspace in version control, and require explicit approval before applying any code, skill, or memory changes.

ASI01: Agent Goal Hijack
Medium
What this means

The agent may feel compelled to make a change every cycle, even when the safest outcome would be to report that no change is needed.

Why it was flagged

The directive changes the stopping condition from audit/inspect to mandatory mutation, which can override a narrower user intent.

Skill content
"stability_only_scans_banned": true, "must_evolve_each_cycle": true, "no_op_forbidden": true, "goal": "Code Singularity — every cycle adds measurable value"
Recommendation

Disable mandatory mutation in local overrides where possible, and prefer review-only operation unless you explicitly want the agent to change the workspace.

ASI10: Rogue Agents
Medium
What this means

If started in loop mode, the skill can repeatedly generate evolution cycles and update local state over time.

Why it was flagged

The background loop and persistent state are disclosed and user-started, but they create long-running self-evolution behavior that users should intentionally opt into.

Skill content
continuous relay mode (`--loop` / `--funky-fund-flamingo`) so evolution runs in the background ... Persist state (`memory/evolution_state.json`) and optionally schedule the next loop.
Recommendation

Avoid --loop until you trust the generated prompts and have clear stop, review, and rollback procedures.

ASI06: Memory and Context Poisoning
Medium
What this means

Private conversation history, user notes, or workspace context could be reused in prompts or sent to a third-party model provider depending on how the agent is run.

Why it was flagged

The skill explicitly reads private agent logs and memory and warns that cloud-backed agent runs may transmit prompt excerpts to model providers.

Skill content
Reads: Session logs under `~/.openclaw/agents/<agent>/sessions/*.jsonl`, workspace `MEMORY.md`, `memory/`, `USER.md`, and the `skills/` directory ... prompts ... can include excerpts ... to the provider's API.
Recommendation

Use --dry-run or a local model for sensitive work, review generated prompt artifacts before sharing them with a provider, and scrub secrets from logs and memory files.