Mupeng Evolve — God-Tier Agent Evolution Engine
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change how it or its installed skills behave in later tasks, potentially causing unexpected actions or making future behavior harder to audit.
This explicitly authorizes automatic modification of tools, heartbeat behavior, and skills. Those are high-impact agent-behavior controls, and the visible artifact does not clearly limit which files may be changed or require user approval for each change.
- ✅ **Auto-modify**: memory/, tools, heartbeat, skills — evolve freely
Only use this in a tightly scoped workspace. Require explicit approval before any tool, skill, heartbeat, or configuration change, and keep backups or version control for rollback.
Private, incorrect, or attacker-influenced content could become durable agent context and affect future sessions.
The skill creates long-lived memory that is automatically promoted and reused on boot. The visible instructions do not clearly define user review, exclusions, poisoning resistance, or deletion controls for that persistent context.
Retention: Permanent + Immutable core ... AUTO-PROMOTION: HOT → WARM → COLD (via heartbeat) ... CONTEXT RECOVERY: COLD → WARM → HOT (on boot)
Review memory files regularly, define excluded directories and sensitive data rules, and avoid automatic promotion to permanent memory without human approval.
Users may over-trust the safety of broad self-modification and persistent memory behavior based on unsupported assurances.
The artifact makes strong safety and production-readiness claims while providing only an instruction document and no implementation or verification evidence in the supplied artifacts.
zero dependencies, battle-tested security, and real-world revenue integration
Treat the safety claims as unverified. Test in a non-critical environment and require manual review of all behavior-changing edits.
It is harder to verify who maintains the skill or whether the full behavior has been independently reviewed.
There is no executable package to inspect, but the skill has weak provenance for a high-impact self-evolution instruction set.
Source: unknown; Homepage: none; No code files present — this is an instruction-only skill.
Prefer trusted sources for high-impact agent-control skills and review the complete SKILL.md before use.