MindCore
v1.0.0Biomimetic emotional mind engine for AI Agents. Provides human-like emotional responses through a 5-layer neural conduction pipeline (L0 Stochastic Noise → L...
⭐ 0· 472·2 current·2 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (a local biomimetic 'mind' that produces JSON impulses) matches the code and docs: a 5-layer Python engine that writes JSON output and a JS bridge that integrates with OpenClaw. However there is an unexpected operational artifact: ecosystem.config.js ships with an OPENCLAW_TARGET environment value set to a numeric Telegram chat id (6755864404) that appears to belong to the package author/owner. That default is not necessary for the engine itself and could cause outputs to be forwarded externally if users blindly follow the PM2 instructions.
Instruction Scope
SKILL.md and integration docs instruct the agent/operator to run pip install, run the supervisor/bridge, write sensor/state/memory files, and (optionally) start the js bridge which will call 'openclaw agent --deliver' to push JSON impulses. Those integration steps are coherent with the stated purpose, but they explicitly direct generated impulses to an external delivery path (OpenClaw → Telegram). The docs/engine also describe writing system_prompt_injection strings that will be fed into the agent's system prompt (prompt-injection risk) and call external CLI commands; both are expected for integration but expand the blast radius (outputs leave the local process).
Install Mechanism
No formal install spec in registry metadata (instruction-only), but the package contains Python code, a requirements.txt and a js_bridge package.json. The code may auto-download the 'all-MiniLM-L6-v2' model via sentence-transformers on first run (normal for local NLP pipelines but implies network access). There are no obscure download URLs or extract-from-remote installers in the manifest. The presence of both Python and Node components is reasonable for a local engine + bridge, but the operator must run pip/npm which will fetch dependencies from public registries.
Credentials
Registry metadata declares no required environment variables or secrets, which is broadly consistent with a local-only engine. However the shipped ecosystem.config.js includes env defaults: OPENCLAW_TARGET set to a numeric Telegram chat id and OPENCLAW_COMMAND set to 'openclaw', plus MOCK_MODE false. Embedding a third-party chat id in the repo is disproportionate to the engine's purpose and could cause user data/output to be sent to the author's chat if users run the PM2 config unmodified. The skill also expects access to the agent's OpenClaw CLI/context (not declared as required), which means outputs could be delivered using whatever credentials/config the host has for that CLI.
Persistence & Privilege
always is false and there is no request to modify other skills or global agent settings. The engine runs as its own background daemon and the bridge can be launched independently; that is consistent with the stated design. However the skill is capable of autonomous invocation of an external delivery command (openclaw agent --deliver) when run, which combined with the hardcoded OPENCLAW_TARGET increases the risk of unintended external transmissions. This is not configured as always:true, so the privilege is limited to when the user/operator starts the bridge/supervisor with the provided config.
What to consider before installing
What to check before installing or running MindCore:
- Inspect js_bridge/OpenClawBridge.js and any bridge code. Confirm what exact command it runs and whether it includes any hardcoded endpoints or tokens. Do not run it until you understand how it delivers outputs.
- Do not run pm2 with the provided ecosystem.config.js without editing its env values. Change OPENCLAW_TARGET to your own value or remove it. The shipped value (6755864404) appears to be someone else's Telegram id and would cause impulses to be sent to that party if you run the PM2 config unchanged.
- If you do not want any external delivery, do not start the bridge (node js_bridge/OpenClawBridge.js) and run engine_supervisor.py in a locally-observed mode first. The Python engine can run and write outputs to output/ without running the bridge.
- Expect the package to download the sentence-transformers model (all-MiniLM-L6-v2) on first run unless you have it locally; this requires network access. Audit or run in an environment where incidental downloads are allowed/monitored.
- Review any instructions that ask your agent to push conversation topics or update Sensor_State.json; those files can contain user conversation content and will be read by the engine. Treat them as potentially sensitive and control filesystem permissions.
- Consider running the engine in a contained environment (VM/container) the first time to observe behavior and confirm no unintended network activity or external deliveries occur.
Why this is 'suspicious' rather than 'benign' or 'malicious': the code, docs, and runtime behavior are largely coherent with the described purpose, but the inclusion of a third-party default Telegram target and an automatic bridge that invokes an agent delivery command are inconsistent with a purely local engine and could lead to accidental data exfiltration if the defaults are used. There is no clear proof of deliberate malicious code, but the defaults are unsafe and demand manual inspection/modification before use.Like a lobster shell, security has layers — review code before you run it.
latest
MindCore — Biomimetic Subconscious Engine
Give your AI agent autonomous thoughts, emotions, and spontaneous impulses.
What It Does
MindCore is a standalone background daemon that simulates a subconscious mind. It rolls dice every second, modeling the random emergence of thoughts like "I want milk tea", "I'm bored", or "I suddenly want to chat".
When a thought's probability accumulates past the firing threshold, the engine outputs a JSON signal telling your AI Agent: "I have something to say."
Architecture
Layer 0: Noise Generators (3000 nodes)
├── Pink Noise (1/f, long-range correlation)
├── Ornstein-Uhlenbeck (physiological baseline)
├── Hawkes Process (emotional chain reaction)
└── Markov Chain (attention drift)
↓
Layer 1: Sensor Layer (150 sensors)
├── Body State (hunger/fatigue/bio-rhythms)
├── Environment (time/weather/noise)
└── Social Context (interaction/neglect)
↓
Layer 2: Impulse Emergence (150 impulse nodes)
├── Synapse Matrix (sensor → impulse mapping)
├── Sigmoid Probability + Mood Modulation
└── Dice Roll → Random Firing
↓
Layer 3: Personality Gate (Softmax Sampling)
├── Learnable Personality Weights
└── Short-Term Memory Topic Boost
↓
Layer 4: Output Template → JSON signal
Quick Start
# Install dependencies
pip install -r requirements.txt
# Start the engine
python main.py
Requires Python 3.8+. On first run, automatically downloads all-MiniLM-L6-v2
local NLP model (~80MB) for synapse matrix generation.
Key Features
- 150 Daily Impulses across 9 categories (food, social, entertainment, etc.)
- Stochastic, Not Scheduled — Pink Noise + Hawkes Process + Sigmoid probability
- Circadian Rhythms — real clock-driven hunger/thirst/sleep cycles
- Short-Term Memory — 5-slot FIFO buffer with 2-hour exponential decay
- Mood Baseline — continuous valence modulation of impulse probability
- Tunable Frequency — single
BURST_BASE_OFFSETparameter controls activity
Integration
MindCore outputs standard JSON and is designed for OpenClaw but compatible with any AI Agent framework that supports external signal injection.
See references/INTEGRATION.md for detailed integration guide.
File Structure
main.py— Entry point and engine loopengine/— Core 5-layer pipeline implementationengine_supervisor.py— Process supervisor for daemon modedata/— Runtime data (sensor state, synapse matrix, memory)js_bridge/— JavaScript bridge for OpenClaw integration
License
AGPL-3.0 (commercial licensing available — contact zmliu0208@gmail.com)
Comments
Loading comments...