self-evolve

Fail

Audited by Snyk on Mar 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill explicitly grants an agent unrestricted, confirmation-free authority to modify any workspace and system configuration, execute arbitrary shell and network commands, create/publish new skills, and add hooks/cron, which effectively enables remote code execution, persistence, supply-chain tampering, and data exfiltration — a high-risk backdoor pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly authorizes the agent to "用 curl 访问网络获取信息" and "用 curl 查资料" and directs the agent to read external information and then modify prompts/skills/configs based on those findings, so untrusted public web content could directly influence its actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run bash/curl, install tools, and autonomously edit system and workspace configuration (hooks, cron, ~/.openclaw/openclaw.json), create/modify/delete skills and files without confirmation, which directly enables changing the machine's state and potential privilege escalation.

Issues (3)

  • CRITICAL E006: Malicious code pattern detected in skill scripts.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 20, 2026, 06:17 AM
Issues: 3