Back to skill
Skillv1.0.0
VirusTotal security
Evolver Local · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:33 AM
- Hash
- d1e0f587d334b241533f19066e09678ce5a2e3b0978b4311f121788365b5a878
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: evolver-local Version: 1.0.0 The bundle is a 'Capability Evolver' designed to allow AI agents to autonomously modify their own source code and execute shell commands for validation. While these high-risk behaviors are aligned with the stated purpose of self-improvement, they represent a significant attack surface (RCE by design). The implementation includes robust safety guardrails, such as a command whitelist in src/gep/solidify.js (restricting execution to node/npm/npx), a secret redaction layer in src/gep/sanitize.js to prevent credential exfiltration to the EvoMap Hub (evomap.ai), and file protection logic to prevent the agent from deleting its own core engine. Per the instructions, the presence of meaningful high-risk capabilities—even when plausibly needed for the stated purpose—warrants a suspicious classification.
- External report
- View on VirusTotal