Mupeng Evolve — God-Tier Agent Evolution Engine
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: mupeng-evolve Version: 1.0.0 The skill bundle is classified as suspicious due to the broad and powerful capabilities it instructs the AI agent to perform, which, despite stated security guardrails, present significant attack surface and potential for misuse. Specifically, the `SKILL.md` instructs the agent to 'evolve freely' by modifying its own `tools` and `skills`, and to extensively interact with the file system using commands like `git log` and `find`. While the skill explicitly states 'Absolute block: secrets, API keys, auth tokens — never touched' and includes a 'SECURITY SCAN' for 'Injection detected,' the ability for an agent to self-modify its operational code and configuration, coupled with implied external interactions for 'auto-publish' and 'sub-agent execution,' introduces high-risk vulnerabilities if not perfectly sandboxed or if the agent's interpretation deviates from the intended benign purpose. There is no clear evidence of intentional malicious behavior, but the inherent risks of these capabilities warrant a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change how it or its installed skills behave in later tasks, potentially causing unexpected actions or making future behavior harder to audit.
This explicitly authorizes automatic modification of tools, heartbeat behavior, and skills. Those are high-impact agent-behavior controls, and the visible artifact does not clearly limit which files may be changed or require user approval for each change.
- ✅ **Auto-modify**: memory/, tools, heartbeat, skills — evolve freely
Only use this in a tightly scoped workspace. Require explicit approval before any tool, skill, heartbeat, or configuration change, and keep backups or version control for rollback.
Private, incorrect, or attacker-influenced content could become durable agent context and affect future sessions.
The skill creates long-lived memory that is automatically promoted and reused on boot. The visible instructions do not clearly define user review, exclusions, poisoning resistance, or deletion controls for that persistent context.
Retention: Permanent + Immutable core ... AUTO-PROMOTION: HOT → WARM → COLD (via heartbeat) ... CONTEXT RECOVERY: COLD → WARM → HOT (on boot)
Review memory files regularly, define excluded directories and sensitive data rules, and avoid automatic promotion to permanent memory without human approval.
Users may over-trust the safety of broad self-modification and persistent memory behavior based on unsupported assurances.
The artifact makes strong safety and production-readiness claims while providing only an instruction document and no implementation or verification evidence in the supplied artifacts.
zero dependencies, battle-tested security, and real-world revenue integration
Treat the safety claims as unverified. Test in a non-critical environment and require manual review of all behavior-changing edits.
It is harder to verify who maintains the skill or whether the full behavior has been independently reviewed.
There is no executable package to inspect, but the skill has weak provenance for a high-impact self-evolution instruction set.
Source: unknown; Homepage: none; No code files present — this is an instruction-only skill.
Prefer trusted sources for high-impact agent-control skills and review the complete SKILL.md before use.