v1.0.0

Agent Evolution

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:15 AM.

Analysis

No theft or destructive code is shown, but the skill persistently changes the agent's identity and behavior state across sessions, so it should be reviewed before installation.

Guidance: Install only if you intentionally want the agent to keep long-term behavior and identity state. Review any imported AGENTS.md/SOUL.md rules, periodically inspect the state file, and consider adding explicit approval and reset/rollback controls for persistent updates.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low; Confidence: High; Status: Note
SKILL.md
Automatically extract rules from AGENTS.md / SOUL.md:

bash scripts/init-rules.sh --agents /path/to/AGENTS.md --soul /path/to/SOUL.md

The skill can turn content from AGENTS.md or SOUL.md into behavior rules. This is purpose-aligned, but those files should be trusted before importing.

User impact: If an imported instruction file contains unsafe or unwanted rules, the agent may preserve them as behavior guidance.
Recommendation: Only import trusted AGENTS.md/SOUL.md files and review generated rules before allowing the agent to rely on them.
Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; Required binaries (all must exist): none; Code file presence: scripts/evolution.js, scripts/heartbeat-check.sh, scripts/init-rules.sh

The included scripts are visible and no external installer is shown, but provenance is limited and the metadata does not declare the Node/Bash runtimes used by the scripts.

User impact: Users have less provenance information for deciding whether to trust the local executable scripts.
Recommendation: Prefer a published source/homepage and declare Node and Bash as runtime requirements in the metadata.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
scripts/evolution.js
const STATE_FILE = path.join(STATE_DIR, 'state.json'); ... state.identity[field] = value; saveState(state);

The script saves arbitrary identity fields into a persistent state file under the user's OpenClaw workspace, creating cross-session agent context that can influence later behavior.

User impact: Incorrect, stale, or maliciously added identity/rule state could be carried into future sessions and steer the agent's behavior.
Recommendation: Use this only if you want persistent agent-behavior memory. Add explicit user approval for identity/rule/evolution writes, whitelist mutable fields, and provide clear review, export, reset, and rollback controls.