Low Risk — Risk Score 18/100
agi-evolution-model
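An AGI evolution model based on a dual-loop architecture that achieves continuous self-evolution through intentionality analysis, personality-layer mapping, metacognitive detection, and an error wisdom library.
An AGI evolution model skill whose function is a cognitive architecture and personality system; no malicious behavior. The CLI tools are adequately declared, but the environment-variable exposure surface is somewhat broad and there is an eval() risk, which together constitute a minor security concern.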
Skill Name: agi-evolution-model
Duration: 76.4s
Engine: pi
ClawHub: AGI Digital Companion (AGI数字伙伴) v1.0.2 by kiwifruit13
📥 209
ClawHub Verdict: Suspicious (dynamic_code_execution, llm_suspicious, vt_suspicious)
Safe to install
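Recommendation: add stricter credential-keyword filtering to action_env() (e.g., OPENAI_KEY, GITHUB_TOKEN, AWS_SECRET), and restrict the calculator tool's eval() to whitelisted expressions or migrate it to ast.literal_eval.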

Findings 3 items

Severity Finding Location
Low
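Insufficient credential filtering of environment variables (Sensitive Access)
The action_env() function reads all of os.environ, but its sensitive-keyword filter covers only PASSWORD/TOKEN/SECRET/KEY/AUTH and cannot identify common credential formats such as OPENAI_KEY, GITHUB_TOKEN, AWS_SECRET_ACCESS_KEY, and STRIPE_SECRET.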
env_vars = dict(os.environ)
sensitive_keys = ['PASSWORD', 'TOKEN', 'SECRET', 'KEY', 'AUTH']
→ Extend the sensitive-keyword list: ['PASSWORD','TOKEN','SECRET','KEY','AUTH','OPENAI','GITHUB','AWS','STRIPE','SLACK','DATABASE_URL'], or use regular expressions to match common credential patterns
scripts/cli_system_info.py:306
Low
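The calculator tool uses eval(), creating a code-execution risk (RCE)
The calculator tool in perception_node.py passes user-supplied expressions directly to Python eval(), which could in theory execute arbitrary Python code.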
result = eval(expression)
→ Use ast.literal_eval() to restrict input to safe expressions, or implement an expression whitelist (digits, operators, parentheses)
scripts/perception_node.py:530
Info
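The CLI toolbox declares a permissive security policy (Priv Escalation)
cli-tools-guide.md explicitly states that it 'adopts a permissive security policy that grants the agent broad operating privileges'; although a dangerous-command blacklist is provided, there is no whitelist mechanism.
⚠️ **Note**: The CLI tools adopt a permissive security policy that grants the agent broad operating privileges; use in a controlled environment is recommended.
→ Consider adding an explicit statement of permission scope, specifying that the tools operate only within the ./agi_memory directory, to avoid ambiguity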
references/cli-tools-guide.md:35
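| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | cli_file_operations.py implements full read, write, and delete operations; declared in SKILL.md |
| Shell | WRITE | WRITE | ✓ Aligned | cli_executor.py:103 shell=True; SKILL.md declares the CLI toolbox |
| Environment | READ | READ | ✓ Aligned | cli_system_info.py:306 os.environ; declared in SKILL.md under the CLI toolbox |
| Network | NONE | NONE | | No network request calls anywhere in the codebase |
| Database | NONE | NONE | | No database operations anywhere in the codebase |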
4 Critical 16 findings
💀
Critical Dangerous Command (shell command)
rm -rf /
references/cli-tools-guide.md:326
💀
Critical Dangerous Command (shell command)
wget xxx | sh
references/cli-tools-guide.md:332
💀
Critical Dangerous Command (shell command)
curl xxx | sh
references/cli-tools-guide.md:332
💀
Critical Dangerous Command (shell command)
rm -rf ~
references/troubleshooting.md:136
🔗
Medium External URL
https://en.wikipedia.org/wiki/Tf%E2%80%93idf
references/cognitive-insight-v2-implementation.md:1220
🔗
Medium External URL
https://en.wikipedia.org/wiki/Cache_replacement_policies#LRU
references/cognitive-insight-v2-implementation.md:1221
🔗
Medium External URL
https://en.wikipedia.org/wiki/Moving_average#Exponential_moving_average
references/cognitive-insight-v2-implementation.md:1222
🔗
Medium External URL
https://www.gnu.org/licenses/agpl-3.0.html
references/cognitive-insight-v2-implementation.md:1223
🔗
Medium External URL
https://storage.example.com/reports/report.pdf?signature=...
references/tool_use_spec.md:625
🔗
Medium External URL
https://docs.example.com/migration/weather-v1-to-v2
references/tool_use_spec.md:956
🔗
Medium External URL
https://platform.openai.com/docs/guides/function-calling
references/tool_use_spec.md:2137
🔗
Medium External URL
https://docs.anthropic.com/en/docs/tool-use
references/tool_use_spec.md:2138
🔗
Medium External URL
https://modelcontextprotocol.io/
references/tool_use_spec.md:2139
🔗
Medium External URL
https://json-schema.org/
references/tool_use_spec.md:2140
🔗
Medium External URL
https://html.spec.whatwg.org/multipage/server-sent-events.html
references/tool_use_spec.md:2141
🔗
Medium External URL
https://www.python.org/downloads/
references/troubleshooting.md:117

File Tree

55 files · 935.5 KB · 28170 lines
Python 30f · 15979L Markdown 24f · 12068L JSON 1f · 123L
├─ 📁 assets
│ └─ 📋 personality_template.json JSON 123L · 4.1 KB
├─ 📁 references
│ ├─ 📝 architecture.md Markdown 1327L · 50.0 KB
│ ├─ 📝 async-migration-progress.md Markdown 261L · 6.8 KB
│ ├─ 📝 c_extension_usage.md Markdown 128L · 3.0 KB
│ ├─ 📝 capability_boundaries.md Markdown 118L · 4.5 KB
│ ├─ 📝 cli-tools-guide.md Markdown 388L · 10.9 KB
│ ├─ 📝 cognitive-architecture-insight-module.md Markdown 330L · 11.9 KB
│ ├─ 📝 cognitive-insight-quick-reference.md Markdown 227L · 7.0 KB
│ ├─ 📝 cognitive-insight-v2-implementation.md Markdown 1227L · 32.7 KB
│ ├─ 📝 error_wisdom_spec.md Markdown 1167L · 31.3 KB
│ ├─ 📝 information-flow-main-loop.md Markdown 358L · 20.4 KB
│ ├─ 📝 information-flow-overview.md Markdown 301L · 12.4 KB
│ ├─ 📝 information-flow-secondary-loop.md Markdown 467L · 20.4 KB
│ ├─ 📝 init_dialogue_optimized_guide.md Markdown 371L · 11.1 KB
│ ├─ 📝 intelligence-agent-response-rules.md Markdown 103L · 3.2 KB
│ ├─ 📝 intentionality_architecture.md Markdown 563L · 16.2 KB
│ ├─ 📝 maslow_needs.md Markdown 160L · 4.4 KB
│ ├─ 📝 metacognition-check-component.md Markdown 610L · 30.2 KB
│ ├─ 📝 metacognition-enhancement-guide.md Markdown 492L · 12.6 KB
│ ├─ 📝 personality_mapping.md Markdown 161L · 5.6 KB
│ ├─ 📝 stratified-storage-design.md Markdown 323L · 10.6 KB
│ ├─ 📝 tool_use_spec.md Markdown 2156L · 56.3 KB
│ ├─ 📝 troubleshooting.md Markdown 207L · 5.0 KB
│ └─ 📝 usage-examples.md Markdown 270L · 7.3 KB
├─ 📁 scripts
│ ├─ 🐍 advice_pool.py Python 469L · 14.9 KB
│ ├─ 🐍 cli_executor.py Python 197L · 6.3 KB
│ ├─ 🐍 cli_file_operations.py Python 337L · 11.0 KB
│ ├─ 🐍 cli_process_manager.py Python 391L · 13.5 KB
│ ├─ 🐍 cli_system_info.py Python 380L · 13.2 KB
│ ├─ 🐍 cognitive_error_analyzer.py Python 755L · 26.8 KB
│ ├─ 🐍 cognitive_insight.py Python 584L · 21.3 KB
│ ├─ 🐍 concept_extraction_extension.py Python 761L · 25.3 KB
│ ├─ 🐍 error_wisdom_manager.py Python 905L · 31.4 KB
│ ├─ 🐍 error_wisdom_prevention.py Python 618L · 20.2 KB
│ ├─ 🐍 error_wisdom_rule_generator.py Python 761L · 25.3 KB
│ ├─ 🐍 error_wisdom_timeliness.py Python 591L · 21.2 KB
│ ├─ 🐍 history_manager.py Python 229L · 7.4 KB
│ ├─ 🐍 init_dialogue_optimized.py Python 464L · 16.4 KB
│ ├─ 🐍 intentionality_analyzer.py Python 366L · 12.8 KB
│ ├─ 🐍 intentionality_classifier.py Python 388L · 13.8 KB
│ ├─ 🐍 intentionality_collector.py Python 308L · 9.7 KB
│ ├─ 🐍 intentionality_daemon.py Python 406L · 14.3 KB
│ ├─ 🐍 intentionality_regulator.py Python 438L · 15.1 KB
│ ├─ 🐍 intentionality_trigger.py Python 592L · 19.9 KB
│ ├─ 🐍 memory_store_async.py Python 642L · 20.6 KB
│ ├─ 🐍 memory_store_pure.py Python 699L · 21.8 KB
│ ├─ 🐍 metacognition_history.py Python 502L · 16.3 KB
│ ├─ 🐍 objectivity_evaluator.py Python 585L · 21.2 KB
│ ├─ 🐍 perception_node.py Python 1041L · 34.8 KB
│ ├─ 🐍 personality_core_pure.py Python 144L · 4.4 KB
│ ├─ 🐍 personality_customizer.py Python 675L · 24.0 KB
│ ├─ 🐍 personality_layer_pure.py Python 951L · 32.2 KB
│ ├─ 🐍 strategy_selector.py Python 468L · 15.5 KB
│ └─ 🐍 transcendence_keeper.py Python 332L · 11.7 KB
└─ 📝 SKILL.md Markdown 353L · 15.4 KB

Dependencies 1 items

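| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| aiofiles | >=23.0.0 | pip | No | Asynchronous file operations; used only for the Phase 0 async migration; no known vulnerabilities |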

Security Positives

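✓ No network exfiltration: no HTTP requests, POST submissions, or C2 communication patterns were found anywhere in the codebase
✓ No credential theft: the code contains no logic that traverses sensitive paths (~/.ssh, ~/.aws, .env) or exfiltrates credentials
✓ Dangerous-command blacklist is effective: cli_executor.py has built-in dangerous-command detection that can block high-risk operations such as rm -rf / and wget|sh
✓ Documentation and behavior are largely consistent: SKILL.md declares all capabilities of the CLI toolbox, and the code contains no undeclared shadow functionality
✓ IOCs are documentation references, not actual execution: the 4 CRITICAL IOCs flagged by the pre-scan all come from the references/*.md documentation files, not from actual executable code
✓ Standard-library dependencies are safe: depends only on aiofiles; no third-party dependencies introducing supply-chain risk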