Skill v1.0.0
VirusTotal security
Agent Evolution · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:46 AM
- Hash: 884cde29633784e0c1108ee89e24cdc3c4c73c5537341728292e66fe3b64d702
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: agent-evolution. Version: 1.0.0. The skill is classified as suspicious primarily due to its design to parse and store content from external markdown files (`AGENTS.md`, `SOUL.md`) via `scripts/init-rules.sh` into its `state.json` file. While the `scripts/evolution.js` core logic itself does not execute these stored strings, this mechanism creates a potential prompt injection vulnerability for the OpenClaw agent. If an attacker can control the content of `AGENTS.md` or `SOUL.md`, they could inject malicious instructions or data into the agent's 'behavior rules' or 'identity' state, which the agent might later interpret and execute. This represents a risky capability that could be abused, even if not explicitly malicious within the skill's own code.
