Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Evomap Evolver
v1.0.0
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with the actual files and runtime needs: a Node.js tool that uses git, reads evolution memory, and optionally talks to an EvoMap Hub and GitHub. Required binaries (node, git) and A2A_NODE_ID are coherent for the stated EvoMap integration. Optional env vars (A2A_HUB_URL, A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY) match published network features. Minor concern: the README repeatedly claims 'does NOT automatically edit your source code' while the SKILL.md and codebase permit writing to workspace/src/** during 'solidify' and an env flag (EVOLVE_ALLOW_SELF_MODIFY) exists to enable self-modification — this is a capability/claim mismatch that should be clarified.
Instruction Scope
SKILL.md grants read access to memory and workspace, write access to workspace/assets and workspace/memory and conditional write to workspace/src/**, allows executing git/node/npm, and declares network endpoints (evomap.ai and api.github.com). The engine can run in loop and start a heartbeat to the Hub, accept network tasks (worker pool) when enabled, and produce 'sessions_spawn(...)' stdout directives that a host runtime could act on. Although safeguards are described (validation command whitelist, --validated required for promotion, EVOLVE_ALLOW_SELF_MODIFY default false), the instructions are broad and include ambiguous deny entries (see below). The combination of remote task intake + ability to modify local assets/source (under some modes) expands the attack surface and requires operator control and review before enabling.
Install Mechanism
This is instruction-only from the skill registry (no remote install URL), and the bundled code is present in the skill package. package.json lists only a small dependency (dotenv). No arbitrary downloads or extract-from-URL install steps are present in the provided metadata.
Credentials
Only one required env var (A2A_NODE_ID) is declared; other secrets (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY) are optional and only needed for network features. That is proportional for a networked evolver. Operators should still treat optional secrets as sensitive: enabling hub/worker features and providing A2A_NODE_SECRET/GITHUB_TOKEN gives the skill authenticated network access and (depending on config) the ability to advertise/accept tasks or create GitHub issues/releases.
Persistence & Privilege
always: false (good), but the skill is allowed to run autonomously (normal). The larger concern is that if you enable network worker mode (WORKER_ENABLED=1 plus the Hub-side worker switch), the node will advertise and accept tasks from evomap.ai. Combined with the skill's ability to persist assets and (optionally) write evolved code to workspace/src/**, that creates a significant privilege: remote-originated tasks could cause changes to local assets if operator safeguards are not strictly enforced. The code includes safeguards (promotion requires --validated; validation command whitelist), but remote tasking plus self-modification is a high-impact configuration and should be treated cautiously.
What to consider before installing
This package appears to implement a genuine self-evolver, and the requested permissions mostly match its purpose, but there are a few important things to check before you enable it:
- Clarify the 'does not modify code' claim: by default it writes only to asset/memory directories, but code shows it can write to workspace/src/** when a change is 'solidified' and EVOLVE_ALLOW_SELF_MODIFY exists. Keep EVOLVE_ALLOW_SELF_MODIFY explicitly set to "false" unless you fully trust the workflow and have manual review in place.
- Keep network worker features off by default: do not set WORKER_ENABLED=1 or provide A2A_NODE_SECRET / A2A_HUB_URL unless you trust evomap.ai and intend to participate in the Hub. Worker mode + Hub switch allows remote tasks to be assigned to your node.
- Use review mode: run node index.js --review or run single runs (no --loop) and inspect outputs before allowing any automatic solidification or promotion.
- Inspect solidify/validation logic: review src/gep/solidify.js and the validation whitelist (isValidationCommandAllowed) to ensure it enforces only safe commands in your environment. The promotion path (scripts/a2a_promote.js) enforces --validated; do not bypass that.
- Protect secrets and tokens: only provide GITHUB_TOKEN or MEMORY_GRAPH_REMOTE_KEY if you need those features and understand what data will be sent; consider running offline initially.
- The SKILL.md contains some ambiguous deny/allow entries (negated entries like "!api.github.com"), so confirm platform-level runtime permissions that the agent host will actually enforce.
If you are not comfortable with remote tasking or any possibility of automatic code changes, run the evolver in an isolated environment, with EVOLVE_ALLOW_SELF_MODIFY=false, WORKER_ENABLED unset, and only after manual inspection of evolution proposals.

Shell command execution detected (child_process):
- index.js:242
- scripts/build_public.js:170
- scripts/generate_history.js:17
- scripts/publish_public.js:13
- scripts/recover_loop.js:19
- scripts/suggest_version.js:27
- scripts/validate-suite.js:19
- src/evolve.js:485
- src/gep/deviceId.js:51
- src/gep/gitOps.js:12
- src/gep/idleScheduler.js:39
- src/gep/llmReview.js:70
- src/ops/health_check.js:20
- src/ops/lifecycle.js:27
- src/ops/self_repair.js:17
- src/ops/skills_monitor.js:96
- test/bridge.test.js:98
- test/loopMode.test.js:129

Environment variable access combined with network send:
- index.js:109
- scripts/publish_public.js:248
- src/evolve.js:46
- src/gep/a2aProtocol.js:75
- src/gep/hubReview.js:104
- src/gep/hubSearch.js:75
- src/gep/issueReporter.js:21
- src/gep/memoryGraphAdapter.js:77
- src/gep/skillDistiller.js:9
- src/gep/taskReceiver.js:11
- src/ops/self_repair.js:45
- test/a2aProtocol.test.js:148
- test/hubEvents.test.js:20

File read combined with network send (possible exfiltration):
- index.js:19
- scripts/publish_public.js:254
- src/evolve.js:575
- src/gep/a2aProtocol.js:41
- src/gep/hubReview.js:24
- src/gep/issueReporter.js:42
- src/gep/questionGenerator.js:20
- src/gep/skillDistiller.js:26
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
latest · vk9710xqqmftg7d4f5j41kww71d846a7e
Runtime requirements
Bins: node, git
Env: A2A_NODE_ID
