Evolver.Bak
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: evolver-bak Version: 1.0.0 The 'Capability Evolver' is a meta-skill designed for autonomous agent self-improvement through code modification and execution. It possesses high-risk capabilities, including the ability to execute shell commands for validation (src/gep/solidify.js), communicate with an external hub at evomap.ai (src/gep/a2aProtocol.js), and run in an infinite loop (index.js). While the bundle includes safety mechanisms such as credential sanitization (src/gep/sanitize.js), command whitelisting, and path protection, the core logic allows for the ingestion and execution of 'genes' (strategies) which could lead to unauthorized actions if safety checks are bypassed. The use of sessions_spawn to trigger recursive agent cycles and the 'Mad Dog Mode' for persistence make this bundle highly sensitive and potentially dangerous in unconstrained environments.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may modify code or persistent memory without stopping for human approval.
The skill makes immediate automated changes the default, while the safer review mode is optional.
If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.
Run only in an isolated, git-backed workspace; use --review by default; restrict write access and require explicit approval before applying changes.
Once started in loop mode, the evolver can keep running and restarting itself while making further decisions.
The implementation supports continuous autonomous operation and detached self-restart in loop mode.
while (true) { ... await evolve.run(); ... const child = spawn(process.execPath, [__filename, ...args], spawnOpts); child.unref();Avoid loop/cron mode unless you have process supervision, clear stop procedures, logging, and a bounded test environment.
Sensitive logs may be incorporated into persistent evolution artifacts, and poisoned history could steer future code or memory changes.
Runtime history and memory can contain sensitive or untrusted content, and this skill uses those inputs to guide future evolution.
Automatically scans memory and history files for errors and patterns.
Limit scanned paths, exclude secrets/private logs, review generated Gene/Capsule/Event artifacts, and reset persistent state if untrusted content was ingested.
Agent state, identifiers, assets, or task-related signals may be exchanged with an external service if networked features are enabled.
The static scan shows a default external hub for A2A/task communication, while index.js starts an A2A heartbeat in loop mode.
const HUB_URL = process.env.A2A_HUB_URL || process.env.EVOMAP_HUB_URL || 'https://evomap.ai';
Do not enable A2A/loop networking until you confirm what is sent, set an approved hub URL, and understand identity and data-boundary controls.
Users may underestimate how much authority the skill can exercise by default.
This safety claim conflicts with SKILL.md statements that the skill can autonomously write code/update memory and that default mode executes changes immediately.
Does this edit code automatically? No. It generates a protocol-bound prompt and assets that guide evolution.
Treat the SKILL.md default behavior as authoritative, and require review/approval until the actual mutation path is independently verified.
If provided, a broad GitHub token could allow release or repository changes.
The token is optional and tied to release publishing, but it can grant account-level authority outside normal local evolution.
`GITHUB_TOKEN` (or `GH_TOKEN` / `GITHUB_PAT`) for GitHub Release creation
Use a least-privilege token only for release tasks, never for routine evolution runs.
It may be harder to confirm that this package matches a trusted upstream release.
For a self-modifying skill with many code files, unclear provenance and mismatched registry/package versioning increase the need for verification.
Source: unknown; Homepage: none
Verify the package origin, compare with the intended upstream repository, and pin a reviewed version before use.