ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tmp Soul Evolver

v1.0.1

soul-evolver - AI Agent Memory Evolution System. Automatically analyzes memory files and evolves SOUL.md, USER.md, IDENTITY.md, and other workspace identity...

0· 16·0 current·0 all-time
byGao.QiLin@relunctance
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description, runtime code, and instructions consistently implement a memory-analysis → MiniMax → file-update workflow. Requiring python3 and a MiniMax API key is coherent with that purpose. However, the registry-level metadata shown at the top of the report claims no required environment variables, while SKILL.md and the code require MINIMAX_API_KEY — this mismatch is an incoherence in the packaging/metadata.
!
Instruction Scope
SKILL.md and the code instruct the agent to read memory/*.md, .learnings/, and optionally a hawk-bridge vector store, then build prompts containing memory excerpts and send them to the configured MiniMax endpoint. That behavior matches the described purpose but does mean potentially sensitive workspace memory is transmitted to an external LLM provider. The skill also includes a scheduled hook (every 120m) which, if enabled, will run periodically without manual approval. Instructions and code otherwise remain within the stated scope (no access to unrelated system paths or unrelated credentials).
Install Mechanism
This is an instruction-only skill (no external download/install spec). Code files are bundled in the skill itself; there is no separate install-from-URL step. That keeps installation risk low. Minor inconsistency: SKILL.md/README refer to paths like ~/.openclaw/skills/soul-forge/scripts/... while other documentation and the publish slug use 'soul-evolver' or 'soulforge' — path/name inconsistencies may cause user confusion but are not an active install risk.
Credentials
The code and SKILL.md require a single external credential (MINIMAX_API_KEY) and optionally accept MINIMAX_BASE_URL; that is proportionate to the stated functionality. The top-level registry metadata (in the provided summary) not listing MINIMAX_API_KEY is inconsistent with the skill instructions and code, which do require it. No unrelated secrets or excessive environment variables are requested.
Persistence & Privilege
The skill does not set always: true and does not request elevated system privileges. It can be scheduled via an agentTurn hook (every 120m) which would run autonomously if the environment/scheduler enables the hook; that autonomy combined with sending memory to an external API is a convenience-risk tradeoff but not an outright privilege escalation.
What to consider before installing
What to check before installing: - Understand data flow: this skill will read your workspace memory files (memory/*.md, .learnings/) and send extracted excerpts to the configured MiniMax API. Only install if you trust the MiniMax provider and are comfortable sending that data off-host. - Required env var: set MINIMAX_API_KEY (and optionally MINIMAX_BASE_URL). Note the package metadata shown earlier omitted this — rely on SKILL.md/code which do require the key. - Test with --dry-run first to see proposed changes without writing. Review outputs before allowing it to run automatically. - Scheduling: SKILL.md includes a scheduled hook (every 120m). If you enable automated scheduling, the skill will periodically analyze and may append updates; if you prefer manual control, do not enable the cron/hook. - Review workspace and backups: backups are stored under derived .soulforge-* directories inside the workspace; confirm the workspace path is correct so backups stay isolated. - Path/name mismatch: documentation refers to both 'soul-forge' and 'soul-evolver' locations; confirm the actual installed path and update commands accordingly. - If you need higher assurance, audit the full analyzer/evolver code (the network call and prompt composition are visible in analyzer.py) and consider running the skill in an isolated test workspace containing non-sensitive data first.

Like a lobster shell, security has layers — review code before you run it.

latestvk972nqq1h2jazk90kp385awdfh8471dh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3

SKILL.md

soul-evolver Skill

soul-evolver automatically evolves your AI agent's identity files by analyzing memory sources and discovering patterns over time.

When to Use

  • After significant conversations that reveal new behavioral patterns
  • When USER.md or SOUL.md needs updating based on accumulated experience
  • During periodic memory reviews (scheduled or manual)
  • After the user provides corrections or new preferences

Quick Start

Run Manual Evolution

exec python3 ~/.openclaw/skills/soul-forge/scripts/soulforge.py run

Dry Run (Preview Changes)

exec python3 ~/.openclaw/skills/soul-forge/scripts/soulforge.py run --dry-run

Check Status

exec python3 ~/.openclaw/skills/soul-forge/scripts/soulforge.py status

Multi-Agent Isolation

SoulForge is designed for multi-agent environments. Each agent's data is completely isolated:

DataIsolation Strategy
Backup files.soulforge-{agent}/backups/ — agent-specific subdirectory
State files.soulforge-{agent}/ — agent-specific directory
Memory sourcesRead only from agent's own memory/ and .learnings/
Target filesUpdate only agent's own SOUL.md, USER.md, etc.

Example: workspace naming

~/.openclaw/workspace/         → .soulforge-main/     (main agent)
~/.openclaw/workspace-wukong/  → .soulforge-wukong/  (wukong agent)
~/.openclaw/workspace-tseng/   → .soulforge-tseng/   (tseng agent)

Each agent should run its own cron job pointing to its workspace:

# For main agent
python3 soulforge.py run --workspace ~/.openclaw/workspace

# For wukong agent
python3 soulforge.py run --workspace ~/.openclaw/workspace-wukong

Configuration

Set your MiniMax API key:

export MINIMAX_API_KEY="your-api-key"

Or in OpenClaw config:

{
  "env": {
    "MINIMAX_API_KEY": "your-key"
  }
}

How It Works

memory/*.md + .learnings/ → MiniMax Analysis → Pattern Discovery → File Updates

Trigger Conditions

soul-evolver updates files when:

FileTriggers
SOUL.mdSame behavior seen 3+ times, user corrections, new principles
USER.mdNew user preferences, project changes, habit changes
IDENTITY.mdRole/responsibility changes, team structure changes
MEMORY.mdImportant decisions, milestones, lessons learned
AGENTS.mdNew workflow patterns, delegation rules
TOOLS.mdNew tool usage patterns, workarounds

Safety

  • Incremental: Only appends, never overwrites existing content
  • Backups: Creates timestamped backups in .soulforge-backups/
  • Dry Run: Preview changes with --dry-run
  • Threshold: Patterns must appear multiple times before promoting

Schedule (Recommended)

Set up a cron job for continuous evolution:

# Every 2 hours
openclaw cron add --name soulforge-evolve --every 120m \
  --message "exec python3 ~/.openclaw/skills/soul-forge/scripts/soulforge.py run"

Files Generated

  • .soulforge-backups/*.bak — Timestamped backups
  • .soulforge-state.json — Last run state (optional)

Memory Sources

SourcePathPriority
Daily logsmemory/YYYY-MM-DD.mdHigh
Learnings.learnings/LEARNINGS.mdHigh
Errors.learnings/ERRORS.mdMedium
hawk-bridgeVector storeMedium

Exit Codes

  • 0 — Success
  • 1 — Error (check output for details)

Files

12 total
Select a file
Select a file to preview.

Comments

Loading comments…