Evolving Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a plausible coding assistant, but it can automatically change projects, commit code, and persist session-derived knowledge without enough user approval or scoping.
Install only if you want an autonomous coding coordinator with persistent learning. Use it in a version-controlled project, review changes before allowing commits, disable evolution mode when not needed, and periodically inspect/delete .opencode files and the configured knowledge directory.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may modify and commit project code before the user has reviewed or explicitly approved the final changes.
The workflow tells the agent not to ask whether to continue and includes committing repository changes as part of the automatic repair loop.
❌ Prohibited behavior: ... asking "continue?" midway ... 3.4 Repair complete, update status ... git commit
Require an explicit user approval step before commits, dependency installs, broad edits, or other durable project mutations.
Project details, decisions, errors, or accidentally included secrets could be retained locally and reused in later tasks.
The summarizer is designed to take session content and automatically store derived knowledge when evolution mode is active, without asking the user.
- `session_content`: session content ... knowledge summarize --auto-store ... Trigger timing: 1. **Automatic**: when evolution mode is activated ... Constraints ... do not ask the user
Make knowledge storage opt-in or reviewable, scope it per project, filter secrets, and provide clear retention and deletion controls.
A bad or poisoned learned prompt could persistently change how future agents behave.
The script can insert learned custom prompts directly into SKILL.md, making stored data part of future agent instructions.
evolution_section.append("\n### Custom Instruction Injection") ... evolution_section.append(f"\n{data['custom_prompts']}") ... skill_md_path.write_text(new_content, encoding='utf-8')
Keep learned knowledge separate from executable instructions, require review before modifying SKILL.md, and validate or block arbitrary custom prompt insertion.
A mistaken or poisoned evolution file could affect multiple installed skills instead of one isolated project.
This helper scans an entire skills directory and applies the stitching process to every skill containing evolution.json.
for item in os.listdir(skills_root): ... if os.path.exists(evolution_json): ... subprocess.run([sys.executable, stitch_script, skill_dir])
Avoid bulk skill rewriting by default; require explicit target selection, previews, backups, and user confirmation.
Malformed input containing shell metacharacters could cause unintended command behavior if substituted literally.
User-provided input and project paths are shown interpolated directly into a shell command string without documented escaping.
python $SKILLS_DIR/evolving-agent/scripts/run.py knowledge trigger \
--input "{user_input}" \
--project "{project_dir}" \
--format context > .opencode/.knowledge-context.md
Pass arguments through a safe argv/API call or quote with a robust escaping method such as shlex.quote, and validate output paths.
Granting sudo gives the skill elevated local authority for that operation, even though the intended file action is small.
If normal marker-file writes fail, the script can ask the user to rerun limited marker operations with sudo.
response = input("是否使用 sudo 继续? [y/N]: ") ... result = subprocess.run(['sudo'] + command ...); ... run_with_sudo(['touch', str(marker_path)])
Run the skill only in writable project directories and decline sudo unless the exact path and operation are understood.
Users may not realize which local tools will be executed until the agent starts running commands.
The registry does not declare runtime binaries even though the skill documentation invokes Python scripts and shell utilities.
Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill.
Declare expected runtime tools such as Python and any shell utilities, and review the included scripts before use.
