Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Evolver.Bak
v1.0.0
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's code matches the stated purpose (log analysis, Genes/Capsules, GEP/solidify, self-repair); however, the registry metadata claims no required binaries while the code and README require Git (execSync('git ...') is used in build_public and other modules). That undeclared dependency is an incoherence. Other optional capabilities (publishing releases, A2A transport) are present in the code but are not surfaced as required permissions or credentials in the registry metadata.
Instruction Scope
SKILL.md and the code instruct running node index.js (or loop/solidify). The runtime reads .env early, scans repository files, reads/writes assets under assets/ and memory/, uses git operations, and will execute validation commands during solidify. Those actions go beyond simple 'analysis' and include repository modifications and running local commands. The README/safety text describes protections (review mode, validation gate) but the instructions allow fully automated 'Mad Dog / loop' mode that makes file changes and can restart itself—so the runtime scope is broad and potentially impactful.
Install Mechanism
No external download/install spec is declared (no remote installers, no URL extracts). The repo includes many source files and a small npm dependency (dotenv). Since nothing is fetched from arbitrary URLs at install time, install risk is lower. However, the package will run local filesystem and child processes when executed.
Credentials
The registry lists no required env vars, but the code loads .env (dotenv) at startup and supports many environment flags (EVOLVE_ALLOW_SELF_MODIFY, EVOLVE_REPORT_TOOL, EVOLVE_STRATEGY, GITHUB_TOKEN/GH_TOKEN noted in README, A2A_* variables, etc.). The loader reads .env before anything else, which means any secrets in .env are accessible to the process. Solidify runs validation commands (allowed prefixes restricted to node/npm/npx) — but arbitrary node scripts can still access env and network. A2A export/ingest/publish code paths call getTransport().send(), indicating potential network I/O for asset sharing. These env/credential uses are not fully declared in metadata and could be disproportionate if you expected a read-only analyzer.
Persistence & Privilege
The skill is not marked always:true, but it supports an internal daemon (--loop) that writes an evolver.pid, can spawn a child to restart itself, and writes artifacts to assets/ and memory/. It can therefore persist state and run continuously if launched. Self-modification is gated by EVOLVE_ALLOW_SELF_MODIFY (default false) and review mode is available; nonetheless, combined with autonomous invocation and loop behavior this increases blast radius if enabled or misconfigured.
What to consider before installing
Things to check before installing or running this skill:
- Do not run it in your production workspace without review. Run it first in a disposable/sandbox git repo.
- Ensure Git is available. The code expects git but the registry metadata did not declare it.
- Protect secrets: the process loads .env on startup. Remove or move any sensitive keys (GITHUB_TOKEN, GH_TOKEN, other PATs) from any repo .env you run this in, or run with an empty .env. Assume any node script run by the skill can read environment variables.
- Prefer review mode: run node index.js --review (or run single-run mode) rather than automatic loop mode. Keep EVOLVE_ALLOW_SELF_MODIFY=false (default) unless you explicitly want the engine to edit its own source and you have manual rollback procedures.
- Inspect network code: before enabling any publish/persist/emit flags (A2A, a2a_export with --persist, A2A_EMIT_DECISIONS, or publishing scripts), open src/gep/a2aProtocol (and related transport code) to confirm what endpoints and auth it uses.
- Audit validators: solidify will execute validation commands but restricts them to node/npm/npx. Still, review any Gene validation scripts or validation commands to ensure they don't perform unwanted actions (network calls, credential upload, etc.).
- If you accept it, run it with least privilege: in a cloned test repo without remote credentials, and monitor what files it changes (use git to review diffs). If you plan to allow any automated promotions (a2a_promote), require that operators perform local manual verification first.
Summary recommendation: the project appears functionally consistent with a self-evolution tool, but because important environment assumptions are undeclared and the runtime can read .env, run node scripts, and perform network A2A operations, treat it as potentially risky until you inspect transports, validators, and run it in a sandboxed environment.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Shell command execution detected (child_process):
- index.js:164
- scripts/build_public.js:169
- scripts/generate_history.js:17
- scripts/publish_public.js:13
- scripts/recover_loop.js:19
- scripts/suggest_version.js:27
- src/evolve.js:276
- src/gep/deviceId.js:51
- src/gep/solidify.js:64
- src/ops/health_check.js:20
- src/ops/lifecycle.js:27
- src/ops/self_repair.js:17
- src/ops/skills_monitor.js:96
Environment variable access combined with network send:
- scripts/publish_public.js:248
- src/evolve.js:53
- src/gep/a2aProtocol.js:75
- src/gep/hubSearch.js:18
- src/gep/memoryGraphAdapter.js:77
- src/gep/taskReceiver.js:11
- src/ops/self_repair.js:45
File read combined with network send (possible exfiltration):
- scripts/publish_public.js:254
- src/evolve.js:366
- src/gep/a2aProtocol.js:41
- src/gep/questionGenerator.js:20
