Verified Capability Evolver

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Review recommended: the code is mostly transparent, but the skill is designed to create persistent agent memory and instructions that can affect future sessions.

Install only if you want the agent to maintain and promote persistent learnings. Before enabling hooks or allowing promotions, require human approval, review changes to .learnings, AGENTS.md, SOUL.md, TOOLS.md, and MEMORY.md, avoid logging secrets or personal data, and verify the package metadata/source.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken, overbroad, or sensitive learning could become part of the agent's future instructions and influence later work.

Why it was flagged

The skill explicitly promotes learnings into files that become future session context. Its own workflow requires a verification PASS before promotion, but nothing in the shown artifacts requires explicit user approval before a persistent change to agent behavior.

Skill content

OpenClaw injects these files into every session ... AGENTS.md ... SOUL.md ... TOOLS.md ... MEMORY.md ... Workflow improvements | Promote to `AGENTS.md` ... Behavioral patterns | Promote to `SOUL.md` after verification PASS

Recommendation

Require explicit user approval and diff review before promoting anything to AGENTS.md, SOUL.md, TOOLS.md, or MEMORY.md; keep secrets out of learnings and provide a clear rollback path.

What this means

Learnings or transcript details could be shared with other sessions or sub-agents if these tools are used without care.

Why it was flagged

The documentation describes cross-session transcript reading, messaging, and sub-agent spawning. This is purpose-aligned for sharing learnings, but transcripts and handoffs can contain sensitive context.

Skill content

sessions_history ... Read transcript from another session ... sessions_send ... Send message to another session ... sessions_spawn ... Spawn a background sub-agent

Recommendation

Use cross-session tools only with user intent, verify the target session, and avoid sending secrets, credentials, personal data, or unrelated transcript content.
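The approval gate and send guard that the two recommendations above describe, as an added example written for this page (Python; not code from the skill or from OpenClaw). A learning is appended to AGENTS.md or another persistent context file only after a secret scan, a diff shown to a human, and with a timestamped backup kept as the rollback path; the same scanner checks a message before it is forwarded to another session, and the target session must be on an allowlist the user set. The backup naming, the secret patterns, the send() callback and the sample learnings are assumptions made here; the four file names are the ones the review lists.

```python
"""Approval gate for promotions into persistent context files and
for cross-session sends.

Added example, not part of the skill or of OpenClaw. The backup
naming, the secret patterns and the send() callback are assumptions
made here; the four file names come from the review above.
"""
import difflib
import re
import shutil
from datetime import datetime, timezone
from pathlib import Path
from typing import Callable

# Files injected into every session: a promotion into them changes
# future agent behaviour, so it needs a human in the loop.
PERSISTENT_CONTEXT_FILES = {"AGENTS.md", "SOUL.md", "TOOLS.md", "MEMORY.md"}

# Constructed patterns for common credential and personal-data shapes.
SECRET_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[a-z0-9._~+/-]{20,}=*")),
    ("generic_secret", re.compile(
        r"(?i)\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*\S{8,}")),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
]


def scan_for_secrets(text: str) -> list[str]:
    """Names of the secret/PII patterns found in text (empty if clean)."""
    return [name for name, rx in SECRET_PATTERNS if rx.search(text)]


def _merge(current: str, learning: str) -> str:
    """File content a promotion would produce: the learning appended."""
    return current.rstrip("\n") + "\n\n" + learning.strip() + "\n"


def promotion_diff(target: Path, learning: str) -> str:
    """Unified diff the reviewer sees before anything is written."""
    current = target.read_text() if target.exists() else ""
    return "".join(difflib.unified_diff(
        current.splitlines(keepends=True),
        _merge(current, learning).splitlines(keepends=True),
        fromfile=f"a/{target.name}", tofile=f"b/{target.name}"))


def promote_learning(target: Path, learning: str,
                     approve: Callable[[str], bool]) -> dict:
    """Append learning to target only if it is free of secret-like
    content and approve(diff) returns True; keeps a rollback copy."""
    if target.name not in PERSISTENT_CONTEXT_FILES:
        return {"status": "rejected", "reason": "not a persistent context file"}
    hits = scan_for_secrets(learning)
    if hits:
        return {"status": "rejected", "reason": f"secret-like content: {hits}"}
    if not approve(promotion_diff(target, learning)):
        return {"status": "rejected", "reason": "not approved"}
    backup, current = None, ""
    if target.exists():
        current = target.read_text()
        stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
        backup = target.with_name(f"{target.name}.{stamp}.bak")
        shutil.copy2(target, backup)  # the rollback path
    target.write_text(_merge(current, learning))
    return {"status": "promoted", "backup": backup}


def rollback(target: Path, backup: Path) -> None:
    """Restore the pre-promotion copy."""
    shutil.copy2(backup, target)


def guard_session_send(target_session: str, message: str,
                       allowed_sessions: set[str],
                       send: Callable[[str, str], None]) -> dict:
    """Forward message to another session only if the user named that
    target and the message carries no secret-like content."""
    if target_session not in allowed_sessions:
        return {"status": "blocked", "reason": "target session not allowed"}
    hits = scan_for_secrets(message)
    if hits:
        return {"status": "blocked", "reason": f"secret-like content: {hits}"}
    send(target_session, message)  # e.g. a thin wrapper around sessions_send
    return {"status": "sent"}


if __name__ == "__main__":
    import tempfile
    agents = Path(tempfile.mkdtemp()) / "AGENTS.md"
    agents.write_text("# Agents\n")
    ask = lambda diff: print(diff) or input("Promote? [y/N] ") == "y"
    print(promote_learning(agents, "Run the test suite before committing.", ask))
    print(promote_learning(agents, "deploy token=sk_live_0123456789abcdef", ask))
    print(guard_session_send("main", "Verified: prefer narrow file globs.",
                             {"main"}, lambda s, m: print(f"-> {s}: {m}")))
```

The secret scan runs before the approval prompt so a reviewer is never asked to sign off on a learning that should not exist in the first place; the backup is taken only after approval, so rejected promotions leave no trace on disk. The patterns are deliberately broad (they will flag an e-mail address in a learning), which matches the recommendation to keep personal data out of promoted context; tune them rather than remove them.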

What this means

Enabling the hook creates ongoing prompt influence and context overhead until disabled.

Why it was flagged

The optional OpenClaw hook persists once enabled and injects reminder context at agent bootstrap. The supplied handler only adds a virtual reminder file, but it can influence every future session where the hook is active.

Skill content

Fires on `agent:bootstrap` ... Adds a reminder block to check `.learnings/` for relevant entries

Recommendation

Enable the hook only if you want persistent learning reminders, inspect the hook code before enabling, and disable it if it becomes intrusive.

What this means

It may be harder to confirm exactly which publisher/version produced the installed artifact.

Why it was flagged

The included _meta.json does not match the supplied registry metadata, which lists a different owner ID and version 1.0.5. This is a provenance/update-tracking inconsistency, not evidence of malicious behavior.

Skill content

"ownerId": "kn70cjr952qdec1nx70zs6wefn7ynq2t", "version": "1.0.0"

Recommendation

Verify the registry publisher and package version before enabling optional hooks, and ask the maintainer to align embedded metadata with the registry release.
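A check for the mismatch this finding describes, as an added example written for this page (Python; not ClawScan's own logic). The embedded _meta.json is parsed and its ownerId and version compared with the registry listing, an owner mismatch is rated higher than a version mismatch because it bears on who produced the artifact, and the result gates whether optional hooks should be enabled at all. The registry record shape and the placeholder registry owner ID are assumptions; the embedded values are the ones quoted above.

```python
"""Provenance check: embedded _meta.json against the registry record.

Added example, not part of ClawScan or the skill. The ownerId and
version fields are the ones quoted above; the registry record shape and
the placeholder registry owner ID are assumptions made here.
"""
import json
import re

SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_semver(version: str):
    """(major, minor, patch) for a plain semver string, else None."""
    m = SEMVER.match(version)
    return tuple(int(x) for x in m.groups()) if m else None


def check_provenance(embedded_meta_json: str, registry: dict) -> list[dict]:
    """Compare the artifact's embedded metadata with the registry listing.

    Returns one finding per disagreement; an empty list means publisher
    and version line up. An owner mismatch is rated higher than a
    version mismatch because it concerns who produced the artifact.
    """
    try:
        embedded = json.loads(embedded_meta_json)
    except json.JSONDecodeError as exc:
        return [{"field": "_meta.json", "severity": "high",
                 "detail": f"not valid JSON: {exc}"}]
    findings = []
    e_owner, r_owner = embedded.get("ownerId"), registry.get("ownerId")
    if e_owner != r_owner:
        findings.append({"field": "ownerId", "severity": "high",
                         "detail": f"embedded {e_owner!r}, registry {r_owner!r}"})
    e_ver, r_ver = embedded.get("version"), registry.get("version")
    if e_ver != r_ver:
        pe, pr = parse_semver(str(e_ver)), parse_semver(str(r_ver))
        if pe and pr:
            relation = "older than" if pe < pr else "newer than"
        else:
            relation = "not comparable with"
        findings.append({"field": "version", "severity": "medium",
                         "detail": f"embedded {e_ver!r} is {relation} registry {r_ver!r}"})
    return findings


def hooks_allowed(findings: list[dict]) -> bool:
    """Gate from the recommendation: no optional hooks until provenance agrees."""
    return not findings


if __name__ == "__main__":
    # Constructed: the embedded values quoted in the review, and an
    # assumed registry record with a different owner and version 1.0.5.
    embedded = '{"ownerId": "kn70cjr952qdec1nx70zs6wefn7ynq2t", "version": "1.0.0"}'
    registry = {"ownerId": "assumed-registry-owner", "version": "1.0.5"}
    for f in check_provenance(embedded, registry):
        print(f"[{f['severity']}] {f['field']}: {f['detail']}")
    print("enable hooks:", hooks_allowed(check_provenance(embedded, registry)))
```

An embedded version that is older than the registry's usually means the package was rebuilt or republished without updating the bundled metadata, which is the update-tracking problem the finding names; an embedded version newer than the registry, or a different owner ID, is the case to raise with the maintainer before trusting the artifact.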