Autonomous Learning Cycle
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: autonomous-learning-cycle
Version: 1.0.0
The skill implements an autonomous 'self-evolution' framework that utilizes high-risk capabilities, including automated code generation (engines/skill-creator.js), persistence via cron job registration (setup-cron.js), and shell command execution via execSync (engines/learning-direction.js). While these features align with the stated purpose of a self-improving agent, the ability to automatically write new SKILL.md files and schedule system-level tasks creates a significant attack surface for potential prompt injection or unintended command execution. No explicit evidence of intentional malice, such as data exfiltration or hardcoded backdoors, was identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The system may keep running and changing agent workspace state after setup, even when the user is not actively supervising it.
The skill documents a recurring autonomous loop and additional scheduled reflection and learning-direction jobs, creating persistent agent activity rather than one user-bounded action.
Autonomous evolution loop | */17 * * * * | Runs one learning cycle every 17 minutes
Only enable the scheduler in a sandbox or dedicated workspace, review the cron entries, and require an obvious disable/rollback path before relying on it.
A malformed or poisoned task category could make the skill run unintended commands on the local machine.
Task queue data is inserted directly into a shell command. If a category contains shell metacharacters, it could cause unintended local command execution, especially when the auto workflow is scheduled.
const categories = [...new Set(queue.tasks.map(t => t.category || 'general'))]; ... execSync(`npx skills find ${category}`, {
Replace shell interpolation with execFile/spawn using argument arrays, strictly whitelist category values, and avoid running this path automatically on untrusted task data.
The behavior can depend on external package state or an unexpected package version, increasing supply-chain risk.
The skill invokes an npx command without a pinned dependency or declared runtime requirement, which can cause remote package resolution/execution in an autonomous discovery flow.
execSync(`npx skills find ${category}`, { cwd: WORKSPACE, encoding: 'utf-8' })
Declare and pin the dependency, vendor the tool, or use a fixed trusted API/library instead of unpinned npx execution.
Bad or manipulated learning records could be promoted into future tasks or skills and affect later agent behavior.
Persistent learned patterns and confidence scores are intended to drive future skill creation. The artifacts do not show clear provenance checks, human approval, or rollback for poisoned or low-quality learned content.
Extract learning patterns → Evaluate confidence → High confidence → Automatically create skill
Require user approval before converting patterns into skills, store provenance for learned records, and provide review and rollback controls.
