Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evoclaw Local

v1.0.0

Manages and evolves your AI agent identity (SOUL.md) by processing experiences through a structured pipeline of classification, reflection, proposal, and gov...

by kai @ink-kai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to manage/evolve an agent's SOUL and that matches most of the included validators and visualization tools. However the package and docs expect external feed API keys (MOLTBOOK_API_KEY, X_BEARER_TOKEN), direct curl polling, and the ability to read/modify OpenClaw config and cron jobs — none of which are declared in the registry metadata (required env vars: none). Requiring system-level config edits and external keys is not proportional or documented in the registry fields.
! Instruction Scope
SKILL.md and configure.md explicitly instruct the agent to: prompt the human for raw API keys, automatically write those keys into the user's shell profile and export them for the session, run curl against external APIs, read and modify OpenClaw config files (~/.openclaw/*), list/remove/add cron jobs, and create/modify files across the workspace (SOUL.md, memory/...). Writing secrets to shell profiles and modifying system cron/OpenClaw settings are beyond a narrow 'identity management' scope and are sensitive actions.
Install Mechanism
No install spec (instruction-only) — lower delivery risk because nothing is auto-downloaded. However the skill bundle contains many Python scripts (validators, soul-viz) the agent is expected to run; there's no declared install step or sandboxing. The absence of an install spec conflicts with the presence of runnable code files (the agent may execute them), which is an operational surprise.
! Credentials
The included docs and config reference environment variables for external feeds (MOLTBOOK_API_KEY, X_BEARER_TOKEN), but the skill metadata declares no required env vars or primary credential. Moreover, the configure flow advises automatically persisting raw credentials into shell profile files — a high-risk pattern because it writes secrets to persistent, user-visible files without requiring the human to do so. The skill also reads/writes OpenClaw config and cron assignments, which are privileged relative to the stated purpose.
! Persistence & Privilege
always:false (normal), and autonomous invocation is permitted (normal). But the instructions request actions with lasting system impact (editing shell profiles, modifying OpenClaw configs, creating cron jobs, and potentially operating across multiple agents/workspaces). Combined with autonomous invocation, that increases blast radius: the skill could be used to persist credentials or change heartbeat/cron behavior without clear constraints. The SKILL.md also includes guidance to 'fix' other agents' cron jobs and undo damage, implying cross-agent write capability.
What to consider before installing
This skill contains a full-on agent-operated installation flow that will prompt for external API keys and then (per its own docs) save them into your shell profile, edit OpenClaw config, and manage cron jobs. Before installing/activating it:
- Do not paste raw API keys into a chat with the agent. If you want external feeds, set API keys yourself in environment variables (e.g., export in a shell) rather than letting the skill write them for you.
- Inspect evoclaw/config.json and evoclaw/configure.md and decide governance='supervised' or 'advisory' (avoid 'autonomous') so SOUL changes require human approval.
- Backup SOUL.md and your OpenClaw config before running any of the configure steps. That way you can revert unwanted changes to heartbeats or cron jobs.
- Prefer running the validators and soul-viz scripts yourself in an isolated workspace (not your main agent workspace) so you can see what files are created and whether any scripts attempt to access ~/.openclaw, ~/.zshrc, or other home files.
- If you do enable external sources, set API keys manually and verify permissions; avoid allowing the agent to persist secrets into shell profiles or other system files.
Bottom line: the skill's functionality could be legitimate, but it asks for and instructs actions that affect the host environment and secrets — treat it as untrusted until you review and restrict those behaviors.
