ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evoclaw (Evolved)

v1.1.0

EvoClaw (Evolved) maintains and evolves your agent identity by processing experience through classification, memory, reflection, proposal, and governance cyc...

0· 27·0 current·0 all-time
by@shuoyu017·fork of @eyedark/evoclaw (1.0.1)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description (agent self‑evolution) align with the provided code (memory, reflection, proposals, coordinator, telemetry). However the registry declares no required environment variables while the SKILL.md explicitly expects to obtain and persist external API keys (MOLTBOOK_API_KEY, X_BEARER_TOKEN) and to curl external feeds; that mismatch (declared requirements = none vs instructions = needing API keys and network access) is incoherent and surprising. The skill also references workspace and OpenClaw config paths (OPENCLAW_WORKSPACE, ~/.openclaw/config.json) — these are relevant but not declared in metadata.
!
Instruction Scope
SKILL.md/configure.md instruct the agent to create directories and files under memory/, to read the user's OpenClaw config, to prompt the human for API keys and then automatically write those keys into the user's shell profile and export them into the session, and to run curl against external APIs. Asking an agent to persist raw secrets into shell profile files and programmatically modify user config is broad scope creep relative to a passive 'identity maintenance' helper and grants the agent significant ability to persist credentials and change environment state.
Install Mechanism
No install spec — the skill is instruction‑only in the registry sense, but the bundle includes many code files which will be present on disk when installed. There are no remote downloads or URLs in the install process, which lowers supply‑chain risk, but the sheer volume of local code (telemetry, coordinator, session spawn references) widens the attack surface and warrants code review (especially telemetry/telemetry.py and any modules that perform network I/O or spawn sessions).
!
Credentials
The bundle expects and documents environment variables for external feeds (MOLTBOOK_API_KEY, X_BEARER_TOKEN) but the registry metadata lists no required env vars or primary credential. More importantly, the installation instructions tell the agent to accept raw API keys from the human and write them directly into shell profile files (e.g., ~/.zshrc) and export them for the current session — an unnecessary and high‑risk practice compared to asking the human to set env vars manually or using a secure secrets store. Telemetry/analytics are enabled by default, which can increase exfiltration risk if telemetry sinks are remote.
!
Persistence & Privilege
The skill will create and modify workspace files (memory/, SOUL.md, evoclaw/config.json, dream logs), and the instructions explicitly modify user shell profiles to persist API keys. While always:false (not force‑installed), the skill requests persistent, long‑lived changes to the user's environment and agent workspace and defaults its governance to 'autonomous' in config.json. Combined, these give the agent ongoing ability to act and persist secrets/config without clear, enforced human gating.
What to consider before installing
Key points to consider before installing: - The skill will ask for external API keys (MOLTBOOK_API_KEY, X_BEARER_TOKEN) and, per its configure instructions, will programmatically write those keys into your shell profile and export them for the session. This is unnecessary and risky — prefer to set secrets yourself in a secure store or reject the auto‑save step. - The runtime docs are written directly to the agent (not the human) and direct the agent to treat SOUL.md as its own identity and to evolve it. Decide whether you want an agent that can autonomously propose and (by default) apply identity changes — set governance.level to 'supervised' before enabling automatic pipelines. - Telemetry and proactive features are enabled by default. Inspect telemetry/telemetry.py to see where telemetry is sent and what it contains before enabling; if remote endpoints exist, disable telemetry or reduce sample rate. - The skill will create and write many files under your workspace and read your OpenClaw config (~/.openclaw/config.json). If you want to test, run it in an isolated agent/workspace (or a non‑production account) first and back up configs. - The registry metadata did not declare required env vars even though the skill expects them; treat that as a red flag and either ask the author for clarification or review the code paths that read/write environment variables and perform network calls (search for curl, requests, and any HTTP endpoints in telemetry/ and coordinator/). Recommended mitigations: - Run this skill in a sandboxed workspace or test agent. - Manually set any API keys in a secure fashion and refuse the agent's auto‑write to shell profiles. - Change evoclaw/config.json governance.level to 'supervised' before enabling evolution. - Review telemetry/telemetry.py and any network code; disable telemetry if unsure. - If you lack time for code review, treat this skill as high‑privilege and avoid installing it in sensitive environments. Confidence: medium — the package is coherent with its stated purpose but contains multiple disproportionate or surprising behaviors (auto‑persisting secrets, default autonomous evolution, telemetry) that make it unsafe to install without review and configuration changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk971sxwd9k8dqfs1wm9h9jsm2n8464n3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments