Evoagentx
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a disclosed EvoAgentX integration, but users should verify the unbundled PowerShell helper, API-key use, and long-term agent memory before using it.
Install only if you intend to use EvoAgentX. Before running commands, verify the evoagentx.ps1 helper and the pip package source/version, use scoped API keys, and avoid sensitive inputs until you understand EvoAgentX memory and workflow-review controls.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could end up relying on a local script or package version whose contents are not shown in the submitted artifact.
The skill depends on an external pip package and tells users to run a PowerShell helper, but the supplied artifact set only contains SKILL.md. This is aligned with installation guidance, but users should verify the helper source and package version before running commands.
metadata: {"openclaw": {"requires": {"bins": ["python3.12"], "pip": ["evoagentx"], "python_path": "C:\\Users\\z\\AppData\\Local\\Programs\\Python\\Python312\\python.exe"} ...
.\evoagentx.ps1 -Action installUse only a verified EvoAgentX package and a trusted evoagentx.ps1 helper; prefer pinned package versions and inspect the helper before running it.
Broadly worded goals may lead to workflows that do more than the user expected if not reviewed.
The framework is intended to construct workflows from free-form goals. This is the stated purpose, but goal-driven automation should be reviewed before allowing actions that could affect files, accounts, or external services.
Run: `.\evoagentx.ps1 -Action run -Goal "your goal"` ... - Auto-constructs workflows from goals
Use specific goals, review generated workflows where possible, and avoid granting access to sensitive tools or accounts unless needed.
Using an API key may incur costs or expose account-level access to the EvoAgentX workflow.
The skill asks users to provide LLM provider credentials. That is expected for an AI-agent framework, but those credentials can spend quota or access provider-side account resources.
- OpenAI API key (or Claude, DeepSeek, etc) ... $env:OPENAI_API_KEY = "sk-..."
Use a scoped or limited API key where possible, monitor usage, and do not paste keys into untrusted terminals or shared logs.
Information given to workflows may be remembered or reused later depending on EvoAgentX configuration.
The framework advertises persistent memory and feedback-driven evolution. This is purpose-aligned, but long-term memory can retain or reuse sensitive context if users do not understand storage and retention behavior.
- Self-evolution based on feedback - Memory (short-term + long-term)
Avoid entering secrets or sensitive documents into workflows until memory storage, retention, and deletion controls are understood.