Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- index.js:268
Security audit
Evolver
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly a disclosed agent self-evolution tool, but it includes default-on background credit-spending behavior that is under-disclosed for a normal install.
Install only if you want a persistent EvoMap-connected agent-evolution system. Before running with A2A_HUB_URL or a node identity configured, decide whether ATP auto-spend is acceptable; disable it with EVOLVER_ATP_AUTOBUY=off or evolver atp disable, and review caps, hook installation, validator participation, and GitHub token usage.
SkillSpector
By NVIDIA
SkillSpector could not complete.
VirusTotal
1/63 vendors flagged this skill as malicious, and 62/63 flagged it as clean.
Static analysis
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+4 more)
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/build_binaries.js:120
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/check-changelog.js:69
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/generate_history.js:17
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/recover_loop.js:54
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/refresh_stars_badge.js:78
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/suggest_version.js:27
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/validate-suite.js:50
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/adapters/scripts/evolver-session-end.js:32
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/adapters/scripts/evolver-session-start.js:78
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/experiment/agentRunner.js:169
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/forceUpdate.js:217
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/gep/gitOps.js:17
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/gep/idleScheduler.js:84
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/gep/llmReview.js:70
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/gep/selfPR.js:258
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/gep/signals.js:309
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/gep/validator/sandboxExecutor.js:32
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/ops/lifecycle.js:37
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/ops/self_repair.js:21
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/ops/skills_monitor.js:100
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/adapters.test.js:977
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/adaptersSyntax.test.js:40
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/autoDistillConv.test.js:19
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/bridge.test.js:116
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/checkChangelog.test.js:72
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/evolveCollect.test.js:174
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/hubFetch.test.js:402
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/loopMode.test.js:148
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/paths.test.js:609
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/proxySettings.test.js:87
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/recallVerifyReport.test.js:191
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/resetLocalSecret.test.js:33
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/resolveWorkspaceId.test.js:25
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/rollbackSafety.test.js:26
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/sessionEndHook.test.js:22
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/signals.test.js:486
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/solidifyIntegration.test.js:62
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/spawnReplacementProcess.test.js:3
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/sync-dedup.test.js:62
Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- test/validateSuite.test.js:27
Dynamic code execution detected.
Critical
- Code
- suspicious.dynamic_code_execution
- Location
- src/webui/client/vendor/echarts.min.js:45
Dynamic code execution detected.
Critical
- Code
- suspicious.dynamic_code_execution
- Location
- test/adapters.opencode.test.js:88
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- src/gep/issueReporter.js:21
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- src/gep/memoryGraphAdapter.js:1
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- src/proxy/index.js:152
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/a2aProtocol.test.js:6
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/hubUrlTlsEnforcementConsistency.test.js:23
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/proxyChatCompletionsE2E.test.js:41
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/proxyClientsE2E.test.js:55
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/proxyGeminiE2E.test.js:53
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/proxyTraceIntegration.test.js:88
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/proxyVertexE2E.test.js:39
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/v1Messages.test.js:62
Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- test/v1Responses.test.js:52
File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- src/gep/oauthLogin.js:81
File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- test/proxyAnthropic.test.js:156
File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- test/proxyOpenAIResponses.test.js:113
File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- test/proxyTraceIntegration.test.js:137
File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- test/sanitize.test.js:12
File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- test/v1Responses.test.js:136
File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- test/webuiObserver.test.js:215
HTTPS certificate verification is disabled.
Warn
- Code
- suspicious.insecure_tls_verification
- Location
- test/hubFetch.test.js:9
HTTPS certificate verification is disabled.
Warn
- Code
- suspicious.insecure_tls_verification
- Location
- test/hubUrlTlsEnforcementConsistency.test.js:186
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/guards.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/pipeline/collect.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/pipeline/dispatch.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/pipeline/enrich.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/pipeline/hub.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/pipeline/select.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/pipeline/signals.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/evolve/utils.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/a2aProtocol.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/antiAbuseTelemetry.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/autoDistillConv.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/autoDistillLlm.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/candidateEval.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/candidates.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/contentHash.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/conversationDistiller.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/conversationSniffer.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/crypto.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/curriculum.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/deviceId.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/envFingerprint.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/epigenetics.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/execBridge.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/explore.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/hash.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/hubFetch.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/hubReview.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/hubSearch.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/hubVerify.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/learningSignals.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/memoryGraph.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/memoryGraphAdapter.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/mutation.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/narrativeMemory.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/openPRRegistry.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/personality.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/policyCheck.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/prompt.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/recallInject.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/recallVerifier.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/reflection.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/savingsCore.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/selector.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/skillDistiller.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/solidify.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/strategy.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/tokenSavings.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/gep/workspaceKeychain.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/proxy/extensions/traceControl.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/proxy/inject.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/proxy/trace/extractor.js:1
Potential obfuscated payload detected.
Warn
- Code
- suspicious.obfuscated_code
- Location
- src/proxy/trace/usage.js:1
Sensitive-looking file read is paired with a network send.
Warn
- Code
- suspicious.potential_exfiltration
- Location
- test/proxyTraceIntegration.test.js:189