Evolver.Bak
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a disclosed self-evolution skill, but it defaults to automatic code/memory changes, can run persistently, communicates with an agent network, and has conflicting safety claims.
Install only in a disposable or well-backed-up git workspace. Start with --review, avoid --loop and A2A networking until verified, restrict file and token permissions, inspect generated evolution artifacts, and do not provide GitHub or other credentials for routine use.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may modify code or persistent memory without stopping for human approval.
The skill makes immediate automated changes the default, while the safer review mode is optional.
If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.
Run only in an isolated, git-backed workspace; use --review by default; restrict write access and require explicit approval before applying changes.
Once started in loop mode, the evolver can keep running and restarting itself while making further decisions.
The implementation supports continuous autonomous operation and detached self-restart in loop mode.
while (true) { ... await evolve.run(); ... const child = spawn(process.execPath, [__filename, ...args], spawnOpts); child.unref();
Avoid loop/cron mode unless you have process supervision, clear stop procedures, logging, and a bounded test environment.
Sensitive logs may be incorporated into persistent evolution artifacts, and poisoned history could steer future code or memory changes.
Runtime history and memory can contain sensitive or untrusted content, and this skill uses those inputs to guide future evolution.
Automatically scans memory and history files for errors and patterns.
Limit scanned paths, exclude secrets/private logs, review generated Gene/Capsule/Event artifacts, and reset persistent state if untrusted content was ingested.
Agent state, identifiers, assets, or task-related signals may be exchanged with an external service if networked features are enabled.
The static scan shows a default external hub for A2A/task communication, while index.js starts an A2A heartbeat in loop mode.
const HUB_URL = process.env.A2A_HUB_URL || process.env.EVOMAP_HUB_URL || 'https://evomap.ai';
Do not enable A2A/loop networking until you confirm what is sent, set an approved hub URL, and understand identity and data-boundary controls.
Users may underestimate how much authority the skill can exercise by default.
The safety claim quoted below conflicts with SKILL.md statements that the skill can autonomously write code/update memory and that the default mode executes changes immediately.
Does this edit code automatically? No. It generates a protocol-bound prompt and assets that guide evolution.
Treat the SKILL.md default behavior as authoritative, and require review/approval until the actual mutation path is independently verified.
If provided, a broad GitHub token could allow release or repository changes.
The token is optional and tied to release publishing, but it can grant account-level authority outside normal local evolution.
`GITHUB_TOKEN` (or `GH_TOKEN` / `GITHUB_PAT`) for GitHub Release creation
Use a least-privilege token only for release tasks, never for routine evolution runs.
It may be harder to confirm that this package matches a trusted upstream release.
For a self-modifying skill with many code files, unclear provenance and mismatched registry/package versioning increase the need for verification.
Source: unknown; Homepage: none
Verify the package origin, compare with the intended upstream repository, and pin a reviewed version before use.
