Evolver

Security checks across malware telemetry and agentic risk

Overview

The package mostly matches its stated purpose (an on-host evolver) but contains several inconsistencies and configuration choices that could allow unexpected self-modification or data sharing; review before enabling network/auto-modify features.

This package is a legitimate-looking evolver engine, but review and lock down configuration before use. Key actions before installing or enabling loop/network modes:

1) Do not set EVOLVE_ALLOW_SELF_MODIFY=true unless you explicitly want the tool to be able to write/solidify code; keep it false for safer operation.
2) If you do not trust EvoMap Hub, leave A2A_HUB_URL unset and do not set A2A_NODE_ID or WORKER_ENABLED — the proxy/mailbox will otherwise sync assets to the network.
3) Only provide a GitHub token with minimal scope (or none) — providing a token allows automatic issue/release creation.
4) Audit the solidify/validation logic and the redaction routines (auto-issue code claims to redact sensitive values) before trusting automatic uploads of logs/events.
5) Clarify ambiguous capability allow/deny entries in SKILL.md (they appear contradictory).
6) Consider running the package in a disposable container or sandbox first, inspect what gets sent to the proxy/mailbox (a2a_export/a2a_promote paths), and ensure validation checks behave as you expect.

If you need help checking any specific file or the redaction/validation routines, I can point to the exact code locations to review.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

VirusTotal

No VirusTotal findings
