Genome Manager
ReviewAudited by ClawScan on May 10, 2026.
Overview
Genome Manager is not clearly malicious, but it needs review because it stores reusable agent-behavior data persistently and its script can read or write JSON files outside the intended genome directory while making credential-safety claims it does not enforce.
Install only if you are comfortable with local persistent agent-behavior storage. Use simple safe genome names, do not store secrets in prompts or genome metadata, and review genome files before adopting or sharing them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or attacker-influenced genome name could cause the agent to print or overwrite other JSON files the user account can access.
The user/agent-supplied genome name is joined into a path without rejecting absolute paths, '..', or path separators. This can allow reading or overwriting JSON files outside the intended ~/.openclaw/genomes directory.
create_parser.add_argument("--name", required=True, help="Genome name") ... filepath = GENOMES_DIR / f"{args.name}.json" ... with open(filepath, 'w') as f:Restrict genome names to safe basenames, reject absolute paths and path separators, resolve the final path, verify it remains under the genome directory, and ask before overwriting existing files.
Users may over-trust the skill and save or share genomes containing sensitive prompt content or credentials.
This absolute safety claim is not backed by the implementation: the script accepts arbitrary prompt text and the validate command does not scan for credentials, so secrets could be stored if included by a user or agent.
- Genomes never contain API keys or credentials
Replace the absolute claim with a clear limitation, implement credential/secret detection in create and validate, and warn users before storing or sharing prompt content.
Stored genomes may influence future agent behavior and may retain task details longer than expected.
The skill intentionally creates persistent, reusable behavior records that may include steps, tools, and prompt references and can be reused by other agents.
Default genome storage: ... `~/.openclaw/genomes/` - Shared across agents
Review genome contents before reuse or sharing, avoid storing sensitive prompts, and only adopt genomes from trusted sources.