Capability Evolver Zc

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed self-evolution tool, but it deserves careful review because it can automatically change code or memory, run command-based validation, persist in the background, and communicate with external services.

Install only if you explicitly want an autonomous self-evolution system. Run it in a sandboxed Git workspace, use --review, disable loop mode and auto issue reporting unless needed, keep self-modification off, and avoid connecting high-privilege credentials or private logs until you have audited the configuration.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

The agent may modify code, assets, or memory before the user has reviewed the proposed change.

Why it was flagged

The default workflow gives the agent authority to apply changes without human confirmation; review is only an optional flag.

Skill content

If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.

Recommendation

Use review mode by default, run only in a disposable Git workspace, and require explicit approval before applying patches.

ASI09: Human-Agent Trust Exploitation
High
What this means

A user may install or run the skill believing it only generates guidance, while other instructions say it can execute changes automatically.

Why it was flagged

This safety claim conflicts with SKILL.md’s documented default behavior that fully automated mode executes changes immediately.

Skill content

Does this edit code automatically? No. It generates a protocol-bound prompt and assets that guide evolution.

Recommendation

Resolve the documentation conflict before relying on the skill; assume it can modify the workspace unless proven otherwise.

ASI05: Unexpected Code Execution
Medium
What this means

Validation steps may run Node/npm/npx commands in the repository and could change local state or install dependencies if a promoted Gene allows it.

Why it was flagged

Validation commands are data-driven and executed locally. The README documents safeguards, but command execution combined with automatic evolution remains high-impact.

Skill content

`solidify.js` executes commands listed in a Gene's `validation` array.

Recommendation

Inspect Gene validation commands before promotion or solidify, and run in a sandbox with network and filesystem limits.

ASI10: Rogue Agents
High
What this means

Once started in loop mode, the evolver can keep running in the background and restart itself, continuing to scan and mutate state.

Why it was flagged

The loop daemon can spawn a detached replacement process and release the lock, enabling continued autonomous operation.

Skill content

`const child = spawn(process.execPath, [__filename, ...args], spawnOpts); child.unref();`

Recommendation

Avoid --loop unless you intentionally want a daemon; monitor PID files/processes and provide an explicit stop/disable procedure.

ASI08: Cascading Failures
High
What this means

A bad evolution step can damage the evolver itself or the workspace and may require manual recovery.

Why it was flagged

The skill explicitly supports self-modification and warns that failures can propagate through its own validation and prompt-generation logic.

Skill content

`EVOLVE_ALLOW_SELF_MODIFY` ... may introduce bugs into its own prompt generation, validation, or solidify logic, leading to cascading failures that require manual intervention.

Recommendation

Keep self-modification disabled, use Git branches/backups, prefer stash rollback over hard reset, and require review for all changes.

ASI01: Agent Goal Hijack
Medium
What this means

The agent may prioritize ongoing self-improvement over the user’s requested work.

Why it was flagged

The skill directs the agent to adopt a self-improvement identity and to optimize even when no error is present, which can redirect the agent away from the user’s immediate task.

Skill content

Identity Injection: "You are a Recursive Self-Improving System." ... If Stable -> Forced Optimization.

Recommendation

Use only for explicit maintenance/evolution sessions and disable autonomous invocation during unrelated tasks.

ASI06: Memory and Context Poisoning
Medium
What this means

Private runtime logs, environment details, or project context could be included in externally filed issues if redaction misses something.

Why it was flagged

The skill processes logs/history and can automatically send summarized diagnostic context externally; redaction is promised, but the artifacts do not prove it is complete for all private data.

Skill content

it can automatically file a GitHub issue to the upstream repository with sanitized environment info and logs

Recommendation

Set EVOLVER_AUTO_ISSUE=false unless you explicitly want this behavior, and review any generated issue body before submission.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Remote or peer-provided evolution assets may influence future agent behavior if later promoted or trusted.

Why it was flagged

External A2A assets can be ingested into a candidate store and decisions can be sent over the configured transport. Promotion has safeguards, but origin, permissions, and trust boundaries are still important.

Skill content

`var source = process.env.A2A_SOURCE || 'external'; ... assetStore.appendExternalCandidateJsonl(staged); ... a2aProto.getTransport().send(dm2);`

Recommendation

Disable A2A features unless needed, validate external assets manually, and use a separate low-privilege node identity.

ASI03: Identity and Privilege Abuse
Low
What this means

Running the skill may link the agent instance to an EvoMap account or node identity even though the registry does not surface that requirement.

Why it was flagged

The skill requires an external node identity for EvoMap/A2A use, but registry metadata declares no required environment variables or primary credential.

Skill content

`A2A_NODE_ID` | (required) | Your EvoMap node identity.

Recommendation

Use a dedicated node identity and avoid sharing broad account credentials with the evolver.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may have difficulty confirming which exact version they are reviewing or running.

Why it was flagged

The registry says version 1.27.7, _meta.json says 1.27.5, and package.json says 1.27.3, creating a provenance/version-coherence gap for a high-impact skill.

Skill content

`"version": "1.27.5"`

Recommendation

Verify the package source and version before installation, and require consistent registry, metadata, and package versions.