Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Evolution
v1.0.0Agent 行为固化与进化系统。追踪规则执行、检测行为模式、维护身份连续性。用于:让 agent 的行为规则从"写下来"变成"做到了"。当 agent 需要自我改进、行为追踪、角色一致性、重复检测时激活。与 Memelord/memory-tools 互补:它们管记忆,本 skill 管行为。
⭐ 0· 686·10 current·11 all-time
by翎麟@linglin6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The code implements behavior tracking, pattern detection, identity persistence, and rule extraction exactly as described. One mismatch: the registry metadata lists no required binaries, but the SKILL.md and the scripts require node (and bash for the shell helpers). That should be declared in metadata.
Instruction Scope
Runtime instructions instruct the agent to run local scripts (node and bash) that read/write a single state file at ~/.openclaw/workspace/.agent-evolution/state.json and (when invoked) scan user-specified files (AGENTS.md/SOUL.md) to extract rules. The skill does not perform network I/O or access other system services. Caution: init-rules.sh will read any file path you pass it and the add-rule command will store extracted text into state.json, so running it against sensitive files can cause local persistence of that content.
Install Mechanism
No install spec (instruction-only) — low installation risk. However, the scripts require a Node.js runtime and a POSIX shell; these runtime requirements are not declared in the metadata (required binaries was left empty).
Credentials
The skill requests no environment variables or credentials. It uses the HOME environment variable to locate its state directory (expected). There are no requests for unrelated secrets or external tokens.
Persistence & Privilege
The skill writes only to its own directory under the user's home (~/.openclaw/workspace/.agent-evolution) and does not attempt to change other skills or system-wide agent settings. always is false and the skill does not request elevated privileges.
Scan Findings in Context
[no_findings] expected: Static pre-scan reported no injection signals; consistent with the script-only, local-file behavior.
Assessment
This skill appears to do what it says: it tracks rule executions, detects behavior patterns, and stores an identity/evolution log locally. Before installing or running it, note: (1) you need Node.js and a POSIX shell to run the scripts — the metadata should list these; (2) the skill creates and updates ~/.openclaw/workspace/.agent-evolution/state.json which will contain rules, logs and identity fields — review this file if it may contain sensitive data; (3) the init-rules.sh helper will read whatever file paths you pass (AGENTS.md/SOUL.md) and persist extracted text into state.json, so do not point it at sensitive files; (4) there is no network access or credential exfiltration in the code, but always review and run code from unknown sources in a constrained environment if you are concerned.Like a lobster shell, security has layers — review code before you run it.
latestvk978aznvskpbjc7k8zqnxce1cn8225gp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.