Self-Evolving Agent
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: self-evolving-agent
Version: 5.0.0

The OpenClaw AgentSkills skill bundle "self-evolving-agent" (version 5.0.0) has been reviewed. The skill is designed to analyze AI agent logs, identify behavioral patterns, measure the effectiveness of past improvements, and propose rule changes to the `AGENTS.md` configuration file. A core principle emphasized throughout the documentation is that the skill "only proposes, never modifies directly," requiring explicit user approval for any changes.

**Analysis of Capabilities and Potential Risks:**

1. **Persistence:** The `scripts/register-cron.sh` script explicitly registers a cron job to run the main orchestrator (`scripts/v5/orchestrator.sh` or `scripts/v4/orchestrator.sh`) weekly. The `install/install.sh` script also sets up `scripts/v5/stream-monitor.sh` as a LaunchAgent (macOS) or systemd service (Linux) for continuous background monitoring. These are high-privilege persistence mechanisms, but they are transparently declared and serve the stated purpose of automated analysis and real-time alerting.
2. **File System Access:** The skill extensively reads sensitive local files, including:
   * `~/.openclaw/agents/*/sessions/*.jsonl` (full conversation transcripts)
   * `~/.openclaw/logs/*.log` (system and cron logs)
   * `~/openclaw/AGENTS.md`, `~/openclaw/MEMORY.md`, `~/.learnings/*.md` (agent configuration and memory)
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may enable the skill under a stronger privacy assumption than the rest of the documentation supports.
This broad local-only assurance conflicts with other supplied artifacts documenting optional Claude/OpenAI synthesis and Discord/Slack/Telegram/Webhook delivery. Users could reasonably believe no derived analysis or proposal content leaves the machine when some configured workflows may send content externally.
**No data is sent to any remote server.** ... Only **one script** (`benchmark.sh`) makes optional network calls
Treat external LLM and delivery integrations as opt-in network transmission paths; the publisher should align SECURITY.md, metadata, and setup docs to state exactly what is sent and when.
The analysis may include sensitive private conversations or persistent memory-derived signals, even if the skill is designed to process them locally.
The skill intentionally reads full local conversation history, memory, logs, self-review records, proposals, and rejection logs to generate future improvement proposals.
Session transcripts | `~/.openclaw/agents/*/sessions/*.jsonl` ... Long-term memory | `~/openclaw/MEMORY.md` ... **Session transcripts contain full conversation history.**
Before enabling, review the configured paths, analysis window, fleet scope, cache/output directories, and any external delivery or LLM settings.
Proposal summaries or alerts may be visible to people or services with access to the configured channel or webhook.
The skill can deliver generated reports or alerts to external messaging/webhook providers, which is purpose-aligned but creates an external data boundary.
"deliveryChannel": "Discord (configurable: Slack / Telegram / Webhook)"
Use private channels, least-privilege webhooks/tokens, and confirm whether proposal content includes excerpts or sensitive derived information.
If configured, provider or delivery credentials give the skill delegated authority to call third-party services or post messages.
The skill supports optional hosted LLM providers that require API credentials, and other artifacts also describe delivery integrations such as Slack, Telegram, and webhooks.
| **Anthropic** | ~$0.05 | Required | Required | ... | **OpenAI** | ~$0.05 | Required | Required |
Prefer Ollama or provider "none" for local-only operation, or use narrowly scoped credentials and avoid placing unrelated secrets in the skill configuration.
The skill can continue monitoring or running on a schedule after setup until the user stops the monitor or removes the cron job.
The skill includes disclosed persistent behavior: a real-time log monitor and scheduled weekly cron automation, with documented removal support.
`tail -F`-based real-time log monitoring ... `register-cron.sh` ... `--remove` flag: remove the cron job
Enable persistence only intentionally, verify the registered cron entry, and keep the documented removal command available.
A user following setup instructions may execute code or install dependencies from sources that are not pinned to a reviewed commit or version.
The documented setup uses an unpinned external GitHub clone, package installation, model download, background service startup, and cron registration. These steps are user-directed and purpose-aligned, but they increase provenance and setup risk.
"git clone https://github.com/ramsbaby/openclaw-skills.git /tmp/sea-install", ... "brew install ollama && ollama pull nomic-embed-text && ollama serve &", ... "bash ~/openclaw/skills/self-evolving-agent/scripts/register-cron.sh"
Install from a trusted release or reviewed commit, audit scripts before running them, and confirm the cron entry and background Ollama process are desired.
Incorrect or unwanted scheduling could cause repeated runs, recurring alerts, or unexpected analysis of local logs.
The skill can modify the OpenClaw cron registry to schedule automation. This is disclosed and central to the weekly-review purpose, but it is a meaningful environment mutation.
Read/Write `~/.openclaw/cron/jobs.json` | `register-cron.sh` only | Schedule the weekly cron job
Review the cron configuration before and after registration, and use the documented remove/update options when changing or uninstalling the skill.
