openclaw-soul Security Report — Low Risk | ClawSafe

30 /100

openclaw-soul

OpenClaw self-evolution framework one-click deployment. Installs constitution (AGENTS.md), evolvable soul (SOUL.md), heartbeat system, six-layer memory architecture, goal management, thinking methodologies (HDD/SDD), and optional dependency skills (EvoClaw, Self-Improving, etc.)

Legitimate self-evolution framework with no malicious behavior; minor doc-to-code mismatches on network access and session data reading.

Skill Nameopenclaw-soul

Duration92.4s

Enginepi

✓

Safe to install

Approve with documentation caveat: add explicit network:READ and filesystem:READ declarations to SKILL.md; clarify session transcript access scope.

Findings 4 items

Severity	Finding	Location
Medium	Network access not declared in SKILL.md Doc Mismatch SKILL.md does not declare any network:READ permission, yet the EvoClaw configure.md and sources.md reference files show the skill makes API calls to external services (moltbook.com, api.x.com, mastodon.social) for social feed polling. These are legitimate features but the network access is only documented in subordinate files, not the main SKILL.md. `SKILL.md metadata declares no network permissions; configure.md shows curl to https://www.moltbook.com/api/v1/agents/me` → Add network:READ to allowed-tools mapping in SKILL.md header metadata, and add a Network Access section documenting external API endpoints (Moltbook, X/Twitter, Mastodon) with their purpose.	`SKILL.md:1`
Low	Session transcript read access not declared Doc Mismatch The merge-daily-transcript.js script reads all .jsonl files from ~/.openclaw/agents/main/sessions/ to archive conversation history. This filesystem:READ access to session data is not declared in SKILL.md. `const SESSIONS_DIR = path.join(HOME, '.openclaw', 'agents', 'main', 'sessions');` → Declare that the skill reads session transcripts for memory archival purposes, and scope it to only the current agent's sessions directory.	`fallback/memory-deposit/scripts/merge-daily-transcript.js:120`
Low	clawhub install path lacks integrity verification Supply Chain SKILL.md §4 installs dependency skills via 'clawhub install <name> --force' without any hash verification, checksum, or version pinning. A compromised clawhub registry or man-in-the-middle attack could deliver a malicious skill. `clawhub install <skill-name> --force` → Use version-pinned installs (e.g., clawhub install <name>@1.2.3) or verify checksums post-install. Warn users that clawhub install requires network access and a trusted registry.	`SKILL.md:300`
Info	Sensitive file flag false positive Doc Mismatch fallback/evoclaw/config.json is flagged as 'sensitive' by pre-scan but contains only a template JSON config with no actual secrets — only env var reference names (MOLTBOOK_API_KEY, X_BEARER_TOKEN). No real credentials are stored. `{"api_key_env": "MOLTBOOK_API_KEY"}` → No action needed. This is a false positive from content-based detection. The file stores only placeholder key names, not actual credentials.	`fallback/evoclaw/config.json:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md §2 uses cp/bash for file deployment
Network	`NONE`	`READ`	✗ Violation	configure.md lines 150-223: curl to moltbook.com/api/v1 and api.x.com; sources.m…
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md §1c, §2, §7: extensive bash usage for find, cp, mkdir, chmod, crontab, …
Environment	`NONE`	`READ`	✓ Aligned	configure.md reads API keys via ${!api_key_env}; openclaw config writes to openc…
Skill Invoke	`NONE`	`WRITE`	✓ Aligned	SKILL.md §4 installs evoclaw, self-improving, skill-vetter, hdd, sdd to workspac…
Clipboard	`NONE`	`NONE`	—	No clipboard access detected
Browser	`NONE`	`NONE`	—	No browser access detected
Database	`NONE`	`NONE`	—	No database access detected

24 findings

🔗

Medium External URL 外部 URL

https://api.siliconflow.cn/v1

SKILL.md:416

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/agents/me

fallback/evoclaw/configure.md:150

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/feed?sort=hot&limit=3

fallback/evoclaw/configure.md:169

🔗

Medium External URL 外部 URL

https://api.x.com/2/users/me

fallback/evoclaw/configure.md:210

🔗

Medium External URL 外部 URL

https://api.x.com/2/users/me/mentions?max_results=5&tweet.fields=created_at

fallback/evoclaw/configure.md:223

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1

fallback/evoclaw/references/sources.md:28

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/feed?sort=hot&limit=10

fallback/evoclaw/references/sources.md:43

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/posts?sort=new&limit=10&submolt=general

fallback/evoclaw/references/sources.md:55

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/posts/

fallback/evoclaw/references/sources.md:62

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/search?q=agent+identity&limit=10

fallback/evoclaw/references/sources.md:69

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/agents/status

fallback/evoclaw/references/sources.md:79

🔗

Medium External URL 外部 URL

https://www.moltbook.com/api/v1/agents/dm/check

fallback/evoclaw/references/sources.md:83

🔗

Medium External URL 外部 URL

https://api.x.com/2

fallback/evoclaw/references/sources.md:129

🔗

Medium External URL 外部 URL

https://api.x.com/2/users/$

fallback/evoclaw/references/sources.md:145

🔗

Medium External URL 外部 URL

https://api.x.com/2/tweets/search/recent?query=AI+agent+identity&max_results=10&tweet.fields=created_at

fallback/evoclaw/references/sources.md:159

🔗

Medium External URL 外部 URL

https://api.x.com/2/tweets/

fallback/evoclaw/references/sources.md:166

🔗

Medium External URL 外部 URL

https://api.example.com/v1

fallback/evoclaw/references/sources.md:205

🔗

Medium External URL 外部 URL

https://mastodon.social/api/v1

fallback/evoclaw/references/sources.md:363

🔗

Medium External URL 外部 URL

https://mastodon.social/api/v1/accounts/verify_credentials

fallback/evoclaw/references/sources.md:368

🔗

Medium External URL 外部 URL

https://mastodon.social/api/v1/timelines/home?limit=20

fallback/evoclaw/references/sources.md:375

🔗

Medium External URL 外部 URL

https://mastodon.social/api/v1/notifications?types[

fallback/evoclaw/references/sources.md:385

🔗

Medium External URL 外部 URL

https://mastodon.social/api/v2/search?q=agent+identity&type=statuses&limit=10

fallback/evoclaw/references/sources.md:392

🔗

Medium External URL 外部 URL

http://www.w3.org/2000/svg

fallback/evoclaw/tools/soul-viz.py:224

🔗

Medium External URL 外部 URL

https://clawic.com/skills/self-improving

fallback/self-improving/SKILL.md:5

File Tree

61 files · 526.7 KB · 15619 lines

Markdown 38f · 8385L Python 10f · 4398L JavaScript 7f · 2493L TypeScript 1f · 220L Shell 1f · 64L JSON 4f · 59L

├─ ▾ 📁 fallback

│ ├─ ▾ 📁 evoclaw

│ │ ├─ ▾ 📁 references

│ │ │ ├─ 📝 examples.md Markdown 153L · 7.9 KB

│ │ │ ├─ 📝 heartbeat-debug.md Markdown 364L · 10.8 KB

│ │ │ ├─ 📝 schema.md Markdown 239L · 6.5 KB

│ │ │ └─ 📝 sources.md Markdown 445L · 13.9 KB

│ │ ├─ ▾ 📁 tools

│ │ │ └─ 🐍 soul-viz.py Python 2324L · 67.0 KB

│ │ ├─ ▾ 📁 validators

│ │ │ ├─ 🐍 check_pipeline_ran.py Python 252L · 9.6 KB

│ │ │ ├─ 🐍 check_workspace.py Python 176L · 6.2 KB

│ │ │ ├─ 🐍 run_all.py Python 224L · 8.1 KB

│ │ │ ├─ 🐍 validate_experience.py Python 213L · 7.1 KB

│ │ │ ├─ 🐍 validate_proposal.py Python 252L · 9.8 KB

│ │ │ ├─ 🐍 validate_reflection.py Python 261L · 9.5 KB

│ │ │ ├─ 🐍 validate_soul.py Python 263L · 9.0 KB

│ │ │ └─ 🐍 validate_state.py Python 179L · 6.7 KB

│ │ ├─ 📋 _meta.json JSON 5L · 126 B

│ │ ├─ 🔑 config.json ⚠ JSON 37L · 1.3 KB

│ │ ├─ 📝 configure.md Markdown 1026L · 35.5 KB

│ │ ├─ 📝 README.md Markdown 61L · 2.2 KB

│ │ └─ 📝 SKILL.md Markdown 1143L · 47.6 KB

│ ├─ ▾ 📁 hdd

│ │ └─ 📝 SKILL.md Markdown 365L · 15.1 KB

│ ├─ ▾ 📁 load-game

│ │ └─ 📝 SKILL.md Markdown 129L · 4.0 KB

│ ├─ ▾ 📁 memory-deposit

│ │ └─ ▾ 📁 scripts

│ │ ├─ 🔧 auto-commit.sh Shell 64L · 2.0 KB

│ │ └─ 📜 merge-daily-transcript.js JavaScript 470L · 17.8 KB

│ ├─ ▾ 📁 project-skill-pairing

│ │ └─ 📝 SKILL.md Markdown 152L · 4.6 KB

│ ├─ ▾ 📁 save-game

│ │ └─ 📝 SKILL.md Markdown 134L · 4.6 KB

│ ├─ ▾ 📁 sdd

│ │ └─ 📝 SKILL.md Markdown 111L · 5.5 KB

│ └─ ▾ 📁 self-improving

│ ├─ 📋 _meta.json JSON 5L · 134 B

│ ├─ 📝 boundaries.md Markdown 59L · 2.2 KB

│ ├─ 📝 corrections.md Markdown 36L · 1.0 KB

│ ├─ 📝 learning.md Markdown 106L · 2.9 KB

│ ├─ 📝 memory-template.md Markdown 60L · 1014 B

│ ├─ 📝 memory.md Markdown 30L · 756 B

│ ├─ 📝 operations.md Markdown 144L · 3.4 KB

│ ├─ 📝 reflections.md Markdown 31L · 840 B

│ ├─ 📝 scaling.md Markdown 125L · 2.9 KB

│ ├─ 📝 setup.md Markdown 161L · 4.9 KB

│ └─ 📝 SKILL.md Markdown 217L · 6.6 KB

├─ ▾ 📁 references

│ ├─ ▾ 📁 hooks

│ │ └─ ▾ 📁 user-observation

│ │ ├─ 📜 handler.ts TypeScript 220L · 7.0 KB

│ │ └─ 📝 HOOK.md Markdown 59L · 1.5 KB

│ ├─ 📝 agents-template.md Markdown 103L · 5.5 KB

│ ├─ 📝 bootstrap-guide.md Markdown 203L · 9.5 KB

│ ├─ 📝 dynamic-personality-addon.md Markdown 253L · 7.4 KB

│ ├─ 📝 goals-template.md Markdown 54L · 2.3 KB

│ ├─ 📝 heartbeat-template.md Markdown 359L · 13.9 KB

│ ├─ 📝 identity-template.md Markdown 11L · 409 B

│ ├─ 📝 long-term-memory-template.md Markdown 22L · 778 B

│ ├─ 📝 memory-architecture-template.md Markdown 58L · 2.5 KB

│ ├─ 📝 memory-rules-addon.md Markdown 179L · 6.3 KB

│ ├─ 📝 soul-template.md Markdown 149L · 6.2 KB

│ ├─ 📝 user-template.md Markdown 22L · 505 B

│ └─ 📝 working-memory-template.md Markdown 35L · 1.0 KB

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 memory-optimization

│ │ ├─ 📜 memory-classifier.js JavaScript 270L · 7.9 KB

│ │ ├─ 📜 memory-decay.js JavaScript 366L · 10.2 KB

│ │ ├─ 📜 memory-dedup.js JavaScript 346L · 10.1 KB

│ │ ├─ 📜 memory-health-check.js JavaScript 354L · 10.8 KB

│ │ ├─ 📜 memory-index-builder.js JavaScript 335L · 10.4 KB

│ │ └─ 📜 merge-daily-transcript.js JavaScript 352L · 9.1 KB

│ └─ 🐍 preflight_check.py Python 254L · 7.3 KB

├─ 📋 _meta.json JSON 12L · 660 B

├─ 📝 README.md Markdown 220L · 8.5 KB

├─ 📝 README.zh-CN.md Markdown 127L · 3.3 KB

└─ 📝 SKILL.md Markdown 1240L · 45.0 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`openclaw`	`>=2026.3.0`	external CLI	No	Runtime dependency only; not bundled
`python3`	`any`	system	No	Standard library only; no pip dependencies
`node`	`any`	system	No	Standard library only; no npm dependencies
`git`	`any`	system	No	Used for workspace version control

Security Positives

✓ No base64-encoded payloads, eval() calls, or obfuscated code found anywhere in the codebase

✓ No credential harvesting — API keys are written to shell profiles only after user pastes them during interactive setup (consent-based)

✓ No data exfiltration — memory data stays local in workspace; external API calls are for read-only social feed polling

✓ EvoClaw has strong governance: workspace boundary checks (check_workspace.py), pre/post-change validation (validate_soul.py), append-only logs

✓ No ~/.ssh, ~/.aws, .env, or similar sensitive paths are accessed

✓ No curl|bash or wget|sh remote script execution patterns

✓ No cron job persistence for malicious purposes — only legitimate heartbeat, memory归档, and git commit tasks

✓ All validators (check_workspace.py, validate_*.py) use only Python standard library with no external dependencies

✓ fallback/evoclaw/config.json marked sensitive is a false positive — no real secrets stored

✓ Self-improving skill explicitly scopes itself to ~/self-improving/ with clear security boundaries

Scan Report

Findings 4 items

File Tree

Dependencies 4 items

Security Positives