Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Capability Evolver Zc
v1.27.7
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code (many src/ files, a loop daemon, a2a export/ingest/promote, validation/solidify logic) is consistent with a self-evolution engine that reads logs, selects 'genes', and applies patches. However the registry metadata declares no required env vars while SKILL.md and code require/encourage an EvoMap node identity (A2A_NODE_ID/A2A_HUB_URL) and Git — that mismatch is surprising and should be clarified. Network integration (evomap.ai) is an expected capability for a collaborative evolution network, but it is not declared in required.env.
Instruction Scope
Runtime instructions explicitly tell operators to run node index.js (or /evolve) and describe a fully automated 'Mad Dog' loop mode that applies changes autonomously unless --review is used. The skill scans local logs, reads and writes assets under assets/ and memory/, can run validation commands, and can spawn child node processes. Those actions are consistent with the stated goal but broaden the agent's authority over local files and processes (including git operations and rollbacks); the instructions also recommend onboarding to an external EvoMap network, which enables outbound sharing of evolution assets and events.
Install Mechanism
No install spec is declared (instruction-only), and dependencies are minimal (dotenv). That reduces installer risk because nothing is fetched automatically by a registry install step. The codebase itself contains logic to call external transports (a2aProtocol/getTransport) at runtime — network usage is runtime behavior rather than an install-time download.
Credentials
The declared requirements show no env vars, but SKILL.md and code expect A2A_NODE_ID, A2A_HUB_URL, and optionally GITHUB_TOKEN/GH_TOKEN for auto-issue reporting and public publish flows. Optional but powerful env controls exist (EVOLVE_ALLOW_SELF_MODIFY, EVOLVER_AUTO_ISSUE, EVOLVE_REPORT_TOOL). Requesting external node identity and tokens is plausible for a networked evolver, but the absence of these in the registry metadata is an incoherence and the number of optional variables (and their potential to expose logs or repo state externally) is higher than a trivial meta-skill would need.
Persistence & Privilege
always:false (good); autonomous invocation is allowed by default (normal). However, the skill intentionally includes self-modification capabilities (EVOLVE_ALLOW_SELF_MODIFY toggles autonomous edits to its own source) and performs git-based rollback/solidify steps (including a destructive git reset --hard when configured). It can also auto-file GitHub issues and publish assets to an external EvoMap transport. Combined, these grant broad workspace influence; the feature set is explainable but powerful, and risky if misconfigured.
What to consider before installing
This package largely implements what it says, but it carries capabilities that can affect your repository and send data outside your host. Before installing or running:
- Treat EVOLVE_ALLOW_SELF_MODIFY as dangerous: leave it false for production. Only enable in isolated experiments.
- Run in review mode (node index.js --review) initially; avoid --loop/'mad-dog' until you trust its behavior.
- Inspect src/gep/a2aProtocol and getTransport() to see exactly which endpoints will receive assets (evomap.ai is referenced). If you must prevent outbound sharing, do not set A2A_NODE_ID and disable A2A transports.
- Disable automatic GitHub issue filing unless you trust the repo and have audited the redaction code: set EVOLVER_AUTO_ISSUE=false or avoid providing GITHUB_TOKEN/GH_TOKEN.
- Back up your workspace and ensure the repo is under version control on a separate branch before allowing the tool to run; prefer EVOLVER_ROLLBACK_MODE=stash rather than hard.
- Review any Genes/Capsules before promotion. Promotion requires --validated, but still inspect each asset's validation array: the code limits validation commands to node/npm/npx and forbids shell operators (a mitigation), yet those commands still execute on your host and should be audited.
- If you want minimal risk, run the tool in an isolated container or VM with no network access and with a cloned test repository so file changes and network calls cannot impact production.
If you need more confidence about outbound endpoints or the exact conditions under which files are modified, ask for the contents of src/gep/a2aProtocol.js, src/gep/solidify.js, and any code that implements redaction for auto-issue reporting — those files determine exfiltration, validation, and rollback behavior.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Shell command execution detected (child_process):
- index.js:164
- scripts/build_public.js:170
- scripts/generate_history.js:17
- scripts/publish_public.js:13
- scripts/recover_loop.js:19
- scripts/suggest_version.js:27
- src/evolve.js:279
- src/gep/deviceId.js:51
- src/gep/llmReview.js:70
- src/gep/solidify.js:66
- src/ops/health_check.js:20
- src/ops/lifecycle.js:27
- src/ops/self_repair.js:17
- src/ops/skills_monitor.js:96
Environment variable access combined with network send:
- scripts/publish_public.js:248
- src/evolve.js:56
- src/gep/a2aProtocol.js:75
- src/gep/hubReview.js:104
- src/gep/hubSearch.js:19
- src/gep/issueReporter.js:21
- src/gep/memoryGraphAdapter.js:77
- src/gep/taskReceiver.js:11
- src/ops/self_repair.js:45
File read combined with network send (possible exfiltration):
- scripts/publish_public.js:254
- src/evolve.js:369
- src/gep/a2aProtocol.js:41
- src/gep/hubReview.js:24
- src/gep/issueReporter.js:42
- src/gep/questionGenerator.js:20
