Skill v3.0.6
ClawScan security
Evolver - Skill Self-Evolution Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (scanned Apr 17, 2026, 6:41 AM)
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill does what it says: a local, instruction-driven engine that scans workspace markdown logs for error signals and generates evolution prompts; it does not request credentials or perform network calls, but it will read user files (memory/*.md) and include file contents in generated prompts, so users must not store secrets there.
- Guidance
- This skill appears internally consistent with its stated purpose, but it actively reads workspace memory/*.md and places full file contents into generated prompts. Before installing or running it:
  - Ensure you do NOT store API keys, tokens, private conversations, or other secrets in workspace/memory.
  - Use the provided evolver-ignore marker (<!-- evolver-ignore -->) at the top of any file you must keep private.
  - Run node skills/evolver/bin/evolve.js --dry-run or --review initially so changes are not automatically written or applied.
  - Keep the skill offline or in an isolated environment if you plan to run it against sensitive data: while the skill itself does not perform network calls, any external process (or a user) that forwards the generated prompt to an external model would leak data.
  - Review bin/evolve.js and assets/GENES.md/CAPSULES.md for any changes before giving it persistent background execution; avoid enabling always:true or granting it broader system access.
  - If you want a higher-confidence assessment, provide the remainder of the truncated evolve.js output so we can inspect the prompt-generation and any I/O or exec calls not shown.
Review Dimensions
- Purpose & Capability
- ok: Name and description match the provided code and instructions: the skill scans a workspace memory/ directory for markdown logs, detects error patterns, matches 'Gene' templates and writes capsule/state artifacts. No unrelated credentials, binaries, or external services are requested.
- Instruction Scope
- concern: The runtime instructions and code read all .md files under workspace/memory and explicitly include 'Full source of all included files' inside the generated GEP prompt. While the SKILL.md and code state they do not make external network calls, the prompt contents could contain sensitive user data if memory/ contains secrets. The skill provides a marker (<!-- evolver-ignore -->) to skip files and a warning to avoid storing secrets, but scanning arbitrary workspace files and including their full content in outputs is a potential data-exposure vector and should be carefully controlled. Minor inconsistency: the code claims it intentionally does not use child_process, yet SKILL.md shows user examples that use child_process.fork for backgrounding (the examples are user-side suggestions, not code the skill itself runs).
- Install Mechanism
- ok: No install spec or remote downloads are present; this is an instruction-only skill packaged with a local script (bin/evolve.js). No external installers, archives, or untrusted URLs are used.
- Credentials
- ok: The skill declares no required environment variables, credentials, or config paths, and the code does not attempt to read secrets or cloud credentials. That aligns with its stated local-only operation.
- Persistence & Privilege
- note: always:false (default) and the skill is user-invocable. It can run in continuous loop/daemon mode and writes local state to assets/ (evolver-state.json, evolver.pid, CAPSULES.md). This is expected for a self-evolution daemon, but running continuously in the background increases the window in which it may scan/modify workspace files; use review/dry-run modes when onboarding.
