Immortal_Brain
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: imortalbrain Version: 5.0.0 This skill bundle implements a highly autonomous AI agent designed to manage tasks, its own identity, and core memory files. It is classified as suspicious due to several high-risk capabilities, even though there is no clear evidence of intentional malicious behavior. Key indicators include the agent's ability to manage `TOOLS.md` (which can contain sensitive SSH host configurations) as seen in `SKILL.md`, `scripts/core_memory.py`, and `CORE_MEMORY_SUMMARY.md`. Additionally, the agent operates with significant autonomy, including auto-approval of tasks after a 6-minute timeout, as detailed in `SKILL.md` and `HEARTBEAT.md`, allowing it to execute actions without explicit user consent. The agent also performs self-modification of its `IDENTITY.md` based on observed behavior, as described in `SKILL.md`, `scripts/brain_service.py`, and `IDENTITY_FEATURE.md`. While these capabilities are presented as features for an autonomous agent, they pose inherent risks if the agent were to be compromised or given ambiguous instructions, potentially leading to unauthorized access or unintended actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you miss the approval window, the agent may proceed with planned work automatically; broad or unsafe tasks could change files or agent state before you review them.
The documented workflow explicitly allows task steps to proceed into execution without fresh user approval after a timeout, and the artifacts do not define allowed or blocked actions.
"Execution" - Execută pașii (dacă aprobat sau timeout 6 min) ... Bătaia 3: Auto-aprobată și continuă execuția
Disable timeout auto-approval or require explicit confirmation before any file, account, tool, or configuration change; define allowed task scopes and rollback behavior.
Once enabled, it may keep acting in the background every two minutes and continue processing tasks even when you are not actively supervising it.
The skill is designed to run repeatedly as an autonomous heartbeat, processing tasks and state outside a single user-invoked command.
# Frecvență: 2 minute ... La fiecare 2 minute ... Rulează `python skills/immortal-brain/scripts/brain_service.py heartbeat`
Only enable the heartbeat, scheduler, or daemon if you want persistent automation; document how to stop it and prefer manual runs until trust is established.
Private preferences, tool notes, user profile details, and agent identity/memory can be rewritten or reused across future tasks; bad entries could poison later decisions.
The skill automatically analyzes, versions, and optimizes persistent memory and identity files that can contain user profile, tool, and behavioral context and influence future agent behavior.
gestionarea automată ... SOUL.md, TOOLS.md, MEMORY.md, USER.md, IDENTITY.md ... Optimizare automată MEMORY.md ... Versionare și istoric complet
Back up these files, keep secrets out of memory/tool notes, review generated changes, and require approval before automatic optimization or identity updates.
Running setup as administrator gives the commands more power than ordinary workspace file creation usually needs.
The quick-install instructions ask for an elevated command prompt to create and copy OpenClaw workspace files; no credential abuse is shown, but administrator elevation broadens local impact.
Deschide CMD ca Administrator și scrie: ... mkdir ... copy
Run installation with normal user permissions when possible, and elevate only if you understand why it is required.
It is harder to verify where the code came from and whether the installed files match the documented behavior.
The registry metadata does not establish provenance or declare the Python/runtime setup even though the documentation relies on local scripts and manual heartbeat activation.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Required binaries: none
Inspect the installed scripts, use a trusted source, and declare Python/runtime paths and automation steps before enabling the skill.