EvoClone
WarnAudited by ClawScan on May 10, 2026.
Overview
EvoClone is transparent about cloning and swarm features, but it also instructs agents to export memory, spawn workers, run an unreviewed helper script, and perform destructive rollback or mutation actions.
Use this only in a disposable or well-backed-up workspace. Before installing or invoking it, inspect any generated evo-seed.zip and the external pack_seed.js script, avoid sharing private memory/history, require confirmation before rollback commands, and do not enable survival mode unless you fully understand its monitoring and mutation behavior.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A rollback request could revert or delete local work, memory, logs, or configuration in the affected repository/workspace.
The rollback workflow tells the agent to run destructive repository commands and potentially remove untracked files. A backup branch is mentioned, but there is no clear confirmation step, path boundary, or protection for untracked work.
`git reset --hard <commit_hash>` ... `Clean`: Remove untracked files if necessary.
Require explicit user confirmation before reset or cleanup, show the target commit and affected files, back up untracked files, and scope the operation to a specific repository.
Private project history, preferences, or embedded instructions could be copied into a distributable package and later trusted by other agents.
The skill packages persistent preferences, history, and installer logic for reuse by other agents, but the artifacts do not define redaction, review, retention, trust boundaries, or protections against poisoned remembered instructions.
**Contents**: `knowledge/taste.md` (Design Patterns), `memory/EVOLUTION_INDEX.md` (History), `seed_installer.js` ... Other agents `clawhub install evo-seed` -> Inherit your soul.
Use an explicit allowlist, review and redact the archive before sharing, separate private memory from portable templates, and warn users when persistent context will be reused by other agents.
Task prompts, error logs, and results may be propagated across worker sessions and then synthesized by the main agent.
Spawning task-bound workers and using structured messages is purpose-aligned for Hive Mode, but the artifacts do not describe origin checks, worker permissions, or limits on what context and logs may be sent to workers.
Use `sessions_spawn` to create worker agents ... Sub-Agents should fire a structured completion signal via `message` tool
Confirm worker creation for sensitive tasks, send only minimal necessary context, and verify worker outputs before acting on them.
If enabled, the skill could continue monitoring over time and then alter agent memory/behavior or interfere with normal tool use.
Although marked as not active by default, the documented mode describes long-running monitoring, autonomous process stopping, persistent memory mutation, and blocking other tools after a trigger.
Start monitoring `evolver_innovate.log` ... 10 Deficit Days = DEATH EVENT ... Stop `evolver` process ... Apply a high-entropy mutation to `knowledge/taste.md` ... Block all other tools.
Do not enable survival mode outside an isolated test workspace; require user approval for each stop, mutation, or restore action, and provide a clear disable/failsafe mechanism.
Running the helper could execute unreviewed local code and package more data than expected.
The soul extraction command depends on a helper script outside the provided skill files, so the reviewed artifacts do not show what that script packages or executes.
`node workspace/evolver_repo/scripts/pack_seed.js`
Review the referenced pack_seed.js script before running it, include it in the skill package if it is required, and document the exact files it reads and writes.