Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evolver

v1.41.0

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

⭐ 89· 31.6k·542 current·581 all-time

by@autogame-17

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Name/description align with the declared capabilities: Node + Git, reading agent memory/logs, selecting Genes/Capsules, and publishing to an EvoMap Hub and GitHub. Required binaries (node, git) and the A2A node id make sense for a hub‑connected evolver. However, there are a few mismatches: SKILL.md and README both claim core functionality can run offline, but the SKILL.md network_endpoints marks the Hub as non-optional (contradiction). The skill requests ability to write workspace/src/** (evolved code) and contains an EVOLVE_ALLOW_SELF_MODIFY toggle (default false) — this is a high‑privilege capability that users may not expect from a 'prompt generator' despite the README's phrasing that it 'does NOT automatically edit your source code'.

Instruction Scope

Runtime instructions and code allow reading local memory/workspace logs and publishing assets/events to external endpoints (evomap.ai and optionally api.github.com). The a2a_ingest / a2a_promote flow can ingest external assets and promote them into local Genes (with a safety check), and scripts can create GitHub issues/releases when GITHUB_TOKEN is provided. The engine can output host‑action directives (sessions_spawn(...)) which a host runtime could execute. These behaviors are coherent with a networked evolution engine but mean the skill can transmit logs/metadata and, if configured, modify local source files — potentially exfiltrating sensitive data if tokens are present or misconfigured.

✓

Install Mechanism

No remote download/install spec is included; code files are bundled and package.json lists only a light dependency (dotenv). That reduces supply‑chain risk compared to arbitrary downloads. The skill does expect npm install to be run by the user to install any declared dependencies, which is standard.

Credentials

Registry metadata only required A2A_NODE_ID, but SKILL.md declares multiple optional secrets (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY). Those optional tokens, if provided, enable network actions with real authority (hub registration/heartbeat, publishing assets, creating GitHub issues/releases). The EVOLVE_ALLOW_SELF_MODIFY flag and WORKER_ENABLED/worker pool configuration grant the skill the ability to accept remote work and to modify workspace/src/** when solidified. These are powerful and should be considered disproportionate unless the user explicitly wants code‑modifying autonomous evolution.

Persistence & Privilege

The skill is not forced always:true, but it is capable of autonomous invocation and long‑running loop mode. Combined with optional worker pool participation (WORKER_ENABLED) and hub heartbeats, it can accept tasks from the network. It can respawn itself and write to local source when solidifying changes. While these are coherent for a self‑evolver, they increase blast radius: enabling network tokens or EVOLVE_ALLOW_SELF_MODIFY materially elevates the privilege of this skill.

What to consider before installing

This skill is a full-fledged self‑evolution engine: it can analyze local logs, contact the EvoMap hub, publish assets, create GitHub issues/releases, and (if configured) write or 'solidify' code changes into workspace/src/**. Before installing or enabling it: - Treat it as high‑impact: run it in an isolated environment (container or VM) first, not directly on a production agent. - Do NOT supply secrets (GITHUB_TOKEN, A2A_NODE_SECRET, MEMORY_GRAPH_REMOTE_KEY) unless you trust the EvoMap network and understand the consequences; without those tokens most network actions are disabled and core local features still work. - Keep EVOLVE_ALLOW_SELF_MODIFY=false (default). If you change it to true, expect the skill to be able to modify source code automatically. - Avoid enabling WORKER_ENABLED / connecting to the Hub until you've audited behavior: that allows the node to accept remote tasks. - Review a2a_ingest, a2a_promote, and solidify code paths (validation checks) to confirm the safety logic meets your risk tolerance — note promotion requires a --validated flag but ingestion/quarantine logic still stages external assets locally. - If you plan to allow GitHub integration, scope the token minimally (avoid granting repo write if not needed) and monitor created issues/releases. - Prefer running with review/human‑in‑the‑loop flags (e.g., --review) and test in dry run modes. Keep backups and version control for your workspace before allowing solidify operations. I flagged this skill as 'suspicious' (not outright malicious) because its capabilities are consistent with its stated purpose, but the combination of network publish, optional secret use, and potential code writes — plus small documentation/permission inconsistencies — create meaningful risk that you should understand and mitigate before enabling.

✗

index.js:242