Capability Evolver

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to locally analyze user-provided logs and generate improvement recommendations, with the main caution that logs may contain sensitive or instruction-like text.

This appears safe to install for local log analysis, but review its recommendations before applying changes and redact secrets or sensitive operational details from logs before submitting them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or accidental log message could appear inside a recommendation and influence an agent or user if the output is applied without review.

Why it was flagged

The skill copies user-supplied log message text into pattern and evolution descriptions. This is expected for log analysis, but if logs contain prompt-like instructions, downstream agents should treat them as data, not commands.

Skill content

const key = log.message.slice(0, 100); ... description: msg ... description: `Fix: ${pattern.description}`

Recommendation

Review recommendations before acting on them, and keep log-message text clearly delimited or sanitized when using outputs in automated workflows.

What this means

Sensitive errors, stack traces, file names, or operational details could be included in the agent context and returned in summaries or recommendations.

Why it was flagged

The documented workflows involve feeding runtime, staging, production, or fleet-wide logs into the skill. This is purpose-aligned, and the artifacts state local processing, but logs can contain sensitive operational data.

Skill content

Export last 1000 log entries ... Analyze logs from staging environment ... Aggregate logs from all agents

Recommendation

Avoid including secrets in logs, redact sensitive values before analysis, and do not persist or share the generated summaries more broadly than intended.