MindCore

Biomimetic emotional mind engine for AI Agents. Provides human-like emotional responses through a 5-layer neural conduction pipeline (L0 Stochastic Noise → L...

What to check before installing or running MindCore: - Inspect js_bridge/OpenClawBridge.js and any bridge code. Confirm what exact command it runs and whether it includes any hardcoded endpoints or tokens. Do not run it until you understand how it delivers outputs. - Do not run pm2 with the provided ecosystem.config.js without editing its env values. Change OPENCLAW_TARGET to your own value or remove it. The shipped value (6755864404) appears to be someone else's Telegram id and would cause impulses to be sent to that party if you run the PM2 config unchanged. - If you do not want any external delivery, do not start the bridge (node js_bridge/OpenClawBridge.js) and run engine_supervisor.py in a locally-observed mode first. The Python engine can run and write outputs to output/ without running the bridge. - Expect the package to download the sentence-transformers model (all-MiniLM-L6-v2) on first run unless you have it locally; this requires network access. Audit or run in an environment where incidental downloads are allowed/monitored. - Review any instructions that ask your agent to push conversation topics or update Sensor_State.json; those files can contain user conversation content and will be read by the engine. Treat them as potentially sensitive and control filesystem permissions. - Consider running the engine in a contained environment (VM/container) the first time to observe behavior and confirm no unintended network activity or external deliveries occur. Why this is 'suspicious' rather than 'benign' or 'malicious': the code, docs, and runtime behavior are largely coherent with the described purpose, but the inclusion of a third-party default Telegram target and an automatic bridge that invokes an agent delivery command are inconsistent with a purely local engine and could lead to accidental data exfiltration if the defaults are used. There is no clear proof of deliberate malicious code, but the defaults are unsafe and demand manual inspection/modification before use.

Type: OpenClaw Skill Name: mindcore Version: 1.0.0 The skill is classified as suspicious due to significant prompt injection surfaces and external control mechanisms that, while intended for self-management, pose considerable security risks. The `engine_supervisor.py` and `scripts/js_bridge/OpenClawBridge.js` directly pass internally generated `system_prompt_injection` content to the `openclaw agent --message` command, which is a direct prompt injection vector against the AI agent. Furthermore, the `engine_supervisor.py` processes `config_cmd.json` and `reward_cmd.json` from the `output/` directory, allowing external modification of engine parameters (e.g., `BURST_BASE_OFFSET`) and personality weights. The `references/INTEGRATION.md` explicitly instructs the AI agent on how to write to these control files and `data/sleep_mode.flag`, creating a clear channel for an attacker to manipulate the agent's behavior or the engine's operation if the agent or file system is compromised. While there is no clear evidence of intentional malicious behavior (e.g., data exfiltration to unauthorized endpoints, backdoors), these capabilities represent critical vulnerabilities.