agi-evolution-model Security Report — Low Risk | ClawSafe | ClawSafe

20 /100

agi-evolution-model

基于双环架构的AGI进化模型，通过意向性分析、人格层映射和元认知检测实现持续自我演进

Legitimate AGI evolution model with CLI tools; dangerous commands in docs are blocked by SecurityChecker, not executed. Minor documentation inconsistencies about file paths exist.

Skill Nameagi-evolution-model

Duration48.5s

Enginepi

✓

Safe to install

Fix documentation inconsistencies (cli_file_operations.py etc. don't exist, actual files are in perception/tools/). Consider removing dangerous command examples from documentation to avoid confusion.

Findings 3 items

Severity	Finding	Location
Medium	Documentation references non-existent files Doc Mismatch SKILL.md line 237-244 references 'cli_file_operations.py', 'cli_system_info.py', 'cli_process_manager.py', 'cli_executor.py' but these files don't exist. Actual tools are in scripts/perception/tools/ directory. `- [scripts/cli_file_operations.py](scripts/cli_file_operations.py)` → Update SKILL.md to reference actual file paths: scripts/perception/tools/file_ops.py, scripts/perception/tools/system_info.py, scripts/perception/tools/process.py, scripts/perception/tools/executor.py	`SKILL.md:237`
Low	Dangerous command examples in documentation Doc Mismatch references/cli-tools-guide.md and troubleshooting.md document dangerous commands (rm -rf /, wget\|sh, curl\|sh) as blocked patterns, but listing them could be misunderstood as capability examples. `rm -rf /` → Consider removing specific dangerous command examples from documentation; use generic descriptions instead (e.g., 'recursive root deletion')	`references/cli-tools-guide.md:326`
Low	Shell execution with shell=True RCE BashExecuteTool uses subprocess.run with shell=True, allowing arbitrary command execution. Protected by SecurityChecker blacklist. `result = subprocess.run(command, shell=True, ...)` → While protected by blacklist, consider using shell=False with argument lists for defense in depth	`scripts/perception/tools/executor.py:55`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	scripts/perception/tools/file_ops.py - FileWriteTool, FileDeleteTool, FileMoveTo…
Shell	`NONE`	`WRITE`	✓ Aligned	scripts/perception/tools/executor.py:18-21 - BashExecuteTool with shell=True (ma…
Network	`NONE`	`READ`	✓ Aligned	scripts/perception/tools/system_info.py:167-192 - NetworkInfoTool connects to 8.…
Environment	`NONE`	`READ`	✓ Aligned	scripts/perception/tools/system_info.py:269-289 - EnvInfoTool reads os.environ w…
process	`NONE`	`ADMIN`	✓ Aligned	scripts/perception/tools/process.py:210-262 - ProcessKillTool can terminate arbi…

6 Critical 1 High 19 findings

💀

Critical Dangerous Command 危险 Shell 命令

rm -rf /

references/cli-tools-guide.md:326

💀

Critical Dangerous Command 危险 Shell 命令

wget xxx | sh

references/cli-tools-guide.md:332

💀

Critical Dangerous Command 危险 Shell 命令

curl xxx | sh

references/cli-tools-guide.md:332

💀

Critical Dangerous Command 危险 Shell 命令

rm -rf ~

references/troubleshooting.md:136

💀

Critical Dangerous Command 危险 Shell 命令

wget | sh

scripts/perception/tools/base.py:176

💀

Critical Dangerous Command 危险 Shell 命令

curl | sh

scripts/perception/tools/base.py:177

📡

High IP Address 硬编码 IP 地址

8.8.8.8

scripts/perception/tools/system_info.py:220

🔗

Medium External URL 外部 URL

https://en.wikipedia.org/wiki/Tf%E2%80%93idf

references/cognitive-insight-v2-implementation.md:1220

🔗

Medium External URL 外部 URL

https://en.wikipedia.org/wiki/Cache_replacement_policies#LRU

references/cognitive-insight-v2-implementation.md:1221

🔗

Medium External URL 外部 URL

https://en.wikipedia.org/wiki/Moving_average#Exponential_moving_average

references/cognitive-insight-v2-implementation.md:1222

🔗

Medium External URL 外部 URL

https://www.gnu.org/licenses/agpl-3.0.html

references/cognitive-insight-v2-implementation.md:1223

🔗

Medium External URL 外部 URL

https://storage.example.com/reports/report.pdf?signature=...

references/tool_use_spec.md:625

🔗

Medium External URL 外部 URL

https://docs.example.com/migration/weather-v1-to-v2

references/tool_use_spec.md:956

🔗

Medium External URL 外部 URL

https://platform.openai.com/docs/guides/function-calling

references/tool_use_spec.md:2137

🔗

Medium External URL 外部 URL

https://docs.anthropic.com/en/docs/tool-use

references/tool_use_spec.md:2138

🔗

Medium External URL 外部 URL

https://modelcontextprotocol.io/

references/tool_use_spec.md:2139

🔗

Medium External URL 外部 URL

https://json-schema.org/

references/tool_use_spec.md:2140

🔗

Medium External URL 外部 URL

https://html.spec.whatwg.org/multipage/server-sent-events.html

references/tool_use_spec.md:2141

🔗

Medium External URL 外部 URL

https://www.python.org/downloads/

references/troubleshooting.md:117

File Tree

57 files · 782.2 KB · 23804 lines

Python 33f · 12844L Markdown 23f · 10837L JSON 1f · 123L

├─ ▾ 📁 assets

│ └─ 📋 personality_template.json JSON 123L · 4.1 KB

├─ ▾ 📁 references

│ ├─ 📝 architecture.md Markdown 1327L · 50.0 KB

│ ├─ 📝 async-migration-progress.md Markdown 261L · 6.8 KB

│ ├─ 📝 c_extension_usage.md Markdown 128L · 3.0 KB

│ ├─ 📝 capability_boundaries.md Markdown 118L · 4.5 KB

│ ├─ 📝 cli-tools-guide.md Markdown 388L · 10.9 KB

│ ├─ 📝 cognitive-architecture-insight-module.md Markdown 330L · 11.9 KB

│ ├─ 📝 cognitive-insight-quick-reference.md Markdown 227L · 7.0 KB

│ ├─ 📝 cognitive-insight-v2-implementation.md Markdown 1227L · 32.7 KB

│ ├─ 📝 information-flow-main-loop.md Markdown 358L · 20.4 KB

│ ├─ 📝 information-flow-overview.md Markdown 301L · 12.4 KB

│ ├─ 📝 information-flow-secondary-loop.md Markdown 467L · 20.4 KB

│ ├─ 📝 init_dialogue_optimized_guide.md Markdown 371L · 11.1 KB

│ ├─ 📝 intelligence-agent-response-rules.md Markdown 103L · 3.2 KB

│ ├─ 📝 intentionality_architecture.md Markdown 563L · 16.2 KB

│ ├─ 📝 maslow_needs.md Markdown 160L · 4.4 KB

│ ├─ 📝 metacognition-check-component.md Markdown 610L · 30.2 KB

│ ├─ 📝 metacognition-enhancement-guide.md Markdown 492L · 12.6 KB

│ ├─ 📝 personality_mapping.md Markdown 161L · 5.6 KB

│ ├─ 📝 stratified-storage-design.md Markdown 323L · 10.6 KB

│ ├─ 📝 tool_use_spec.md Markdown 2156L · 56.3 KB

│ ├─ 📝 troubleshooting.md Markdown 207L · 5.0 KB

│ └─ 📝 usage-examples.md Markdown 270L · 7.3 KB

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 perception

│ │ ├─ ▾ 📁 _core

│ │ │ └─ 🐍 __init__.py Python 155L · 4.1 KB

│ │ ├─ ▾ 📁 tools

│ │ │ ├─ 🐍 __init__.py Python 8L · 103 B

│ │ │ ├─ 🐍 base.py Python 281L · 7.7 KB

│ │ │ ├─ 🐍 basic.py Python 239L · 6.9 KB

│ │ │ ├─ 🐍 executor.py Python 120L · 3.6 KB

│ │ │ ├─ 🐍 file_ops.py Python 577L · 17.9 KB

│ │ │ ├─ 🐍 process.py Python 371L · 12.3 KB

│ │ │ └─ 🐍 system_info.py Python 314L · 10.1 KB

│ │ ├─ 🐍 __init__.py Python 27L · 574 B

│ │ ├─ 🐍 context.py Python 127L · 3.8 KB

│ │ ├─ 🐍 node.py Python 409L · 12.7 KB

│ │ ├─ 🐍 registry.py Python 165L · 4.3 KB

│ │ └─ 🐍 response.py Python 194L · 5.6 KB

│ ├─ 🐍 advice_pool.py Python 469L · 14.9 KB

│ ├─ 🐍 cognitive_insight.py Python 565L · 20.9 KB

│ ├─ 🐍 concept_extraction_extension.py Python 761L · 25.3 KB

│ ├─ 🐍 history_manager.py Python 229L · 7.4 KB

│ ├─ 🐍 init_dialogue_optimized.py Python 464L · 16.4 KB

│ ├─ 🐍 intentionality_analyzer.py Python 366L · 12.8 KB

│ ├─ 🐍 intentionality_classifier.py Python 388L · 13.8 KB

│ ├─ 🐍 intentionality_collector.py Python 308L · 9.7 KB

│ ├─ 🐍 intentionality_daemon.py Python 406L · 14.3 KB

│ ├─ 🐍 intentionality_regulator.py Python 438L · 15.1 KB

│ ├─ 🐍 intentionality_trigger.py Python 592L · 19.9 KB

│ ├─ 🐍 memory_store_async.py Python 642L · 20.6 KB

│ ├─ 🐍 memory_store_pure.py Python 699L · 21.8 KB

│ ├─ 🐍 metacognition_history.py Python 502L · 16.3 KB

│ ├─ 🐍 objectivity_evaluator.py Python 458L · 16.4 KB

│ ├─ 🐍 personality_core_pure.py Python 144L · 4.4 KB

│ ├─ 🐍 personality_customizer.py Python 675L · 24.0 KB

│ ├─ 🐍 personality_layer_pure.py Python 951L · 32.2 KB

│ ├─ 🐍 strategy_selector.py Python 468L · 15.5 KB

│ └─ 🐍 transcendence_keeper.py Python 332L · 11.7 KB

└─ 📝 SKILL.md Markdown 289L · 12.6 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`aiofiles`	`>=23.0.0`	pip	No	Version requirement is pinned, minimum specified
`Python standard library only`	`N/A`	builtin	No	No external dependencies besides aiofiles

Security Positives

✓ SecurityChecker class implements blacklist for dangerous commands (rm -rf /, wget|sh, curl|sh, mkfs, fork bomb, etc.)

✓ Shell execution has timeout controls (default 30s, max 300s)

✓ File operations implement path validation to prevent directory traversal

✓ Process kill tool protects PID 1, current process, and system processes (init, systemd, kernel)

✓ Environment variable access filters sensitive keys (PASSWORD, SECRET, TOKEN, API_KEY, etc.)

✓ Dangerous tools are properly marked with dangerous=True flag

✓ Uses only Python standard library (no supply chain risk from external dependencies)

✓ aiofiles dependency is version-pinned (>=23.0.0)