ClawHub

Agent Self-Evolve

Security checks across malware telemetry and agentic risk

Overview

The skill is openly designed for agent learning, but it can run scheduled self-updates that modify code, skills, and memory without clear per-change approval.

Install only if you intentionally want an agent that maintains persistent learning records and may change files over time. Before enabling cron or heartbeat, change the prompts so code, skill, AGENTS.md, SOUL.md, and configuration changes are proposed for human review instead of applied automatically, and limit writable paths to a narrow allowlist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to execute queued improvements, including code fixes and skill updates, during unattended daily evolution. Because there is no required user approval, scope restriction, or safe-change policy, this creates an autonomous self-modification path that can introduce insecure changes, corrupt behavior, or operational drift over time.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The optional heartbeat guidance says urgent improvements should be executed immediately without waiting for daily evolution, which enables unsupervised, real-time file modification. This is riskier than scheduled updates because it removes both timing friction and review opportunities, allowing a malformed or adversarially influenced 'urgent' item to trigger immediate self-change.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The prompt explicitly instructs an autonomous cron-driven agent to read logs, update memory files, modify skill files, and implement code fixes without requiring contemporaneous user review or approval. In a self-evolution skill, this is especially dangerous because it creates a persistent self-modifying loop where low-quality observations, prompt injection in logs, or mistaken inferences can propagate into code, skills, and long-term memory automatically.

Ssd 3

Medium
Confidence
88% confidence
Finding
The real-time capture loop broadly directs the agent to persist mistakes, learned knowledge, and important decisions or preferences into memory files after every interaction. Without sensitivity boundaries, redaction rules, or data-minimization requirements, the skill can accumulate personal, confidential, or otherwise sensitive user data into long-lived storage.

Ssd 3

Medium
Confidence
90% confidence
Finding
The daily evolution workflow creates a persistent aggregation pipeline: read daily logs, extract lessons and insights, update memory, and append summaries to logs. This increases privacy and security risk because scattered user-provided information can be consolidated into durable, higher-value records without any classification, filtering, or approval step.

Self-Modification

High
Category
Rogue Agent
Content
---
name: self-evolve
description: >
  Self-evolution system for OpenClaw agents. Enables continuous learning through
  mistake tracking, experience distillation, skill improvement queues, and
Confidence
97% confidence
Finding
self-evolve

Self-Modification

High
Category
Rogue Agent
Content
or one-off reminders (use cron directly).
---

# Self-Evolve 🧬

A self-improvement system that turns every interaction into a learning opportunity.
Three loops: **real-time capture** → **daily consolidation** → **weekly deep review**.
Confidence
97% confidence
Finding
Self-Evolve

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal