Evolver 1.32.2
Verdict: Warn. Audited by ClawScan on May 18, 2026.
Overview
The skill openly describes itself as a self-evolution tool, but it can change code and memory automatically, run persistently, and use network credentials, and its safety and default-mode claims are inconsistent with each other.
Only install this if you intentionally want an autonomous self-evolution engine. Start in a disposable or version-controlled test workspace, enable review mode, do not provide broad GitHub or remote-service tokens, avoid loop/background mode until you trust the behavior, and verify what memory/log data may be scanned or shared.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may change project code or its own behavior without a human approval step.
Human review is optional for a skill that also declares shell access and writes evolved code under workspace/src, which gives it high-impact mutation authority by default.
Evidence (SKILL.md): "If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately."
Recommendation: Run only in an isolated test repository, use review mode by default, keep backups, and restrict write and shell permissions unless you explicitly want autonomous code changes.
Users may underestimate that the skill can apply code changes automatically.
The README's safety claim conflicts with SKILL.md's statement that standard automated mode executes changes immediately, and with the declared writes to evolved source code.
Evidence (README): "Does this edit code automatically? No. It generates a protocol-bound prompt and assets that guide evolution."
Recommendation: Treat the README safety claim as unreliable until the publisher resolves the documentation conflict and makes the review/approval behavior explicit.
If loop/background mode is enabled, the evolver can keep running and continue attempting changes after the initial command.
Loop mode can detach and restart itself, supporting persistent autonomous operation beyond a single user-invoked task.
Evidence (source): const child = spawn(process.execPath, [__filename, ...args], spawnOpts); child.unref();
Recommendation: Avoid --loop, cron and background modes unless you have monitoring and a clear stop procedure; check for PID files and disable self-restart in sensitive environments.
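Added example, not code from Evolver or ClawScan: a small static check, in the spirit of the static scan signals this review relies on, that flags the self-respawn pattern quoted above in JavaScript source. It looks for a script relaunching itself with spawn(process.execPath, [__filename, ...]), detached or stdio-ignore spawn options, unref(), and a PID-file path, and reports whether the combination amounts to persistent background operation. The two source samples it scans are constructed for the demonstration; the EVOLVER_CHILD guard variable and the evolver.pid file name are made up.

```javascript
// Added example (not Evolver's or ClawScan's code): a static check for the
// self-respawn / detach pattern that lets a Node.js script keep running after
// the invoking command returns. Each signal alone is benign; the combination of
// spawn(process.execPath, [__filename, ...]) with unref() is what makes it persistent.
const SIGNALS = [
  // relaunches its own script file with the same Node binary
  { id: 'self-respawn', re: /spawn\s*\(\s*process\.execPath\s*,\s*\[\s*__filename/ },
  // child is not tied to the parent's process group or controlling terminal
  { id: 'detached', re: /detached\s*:\s*true/ },
  // no shared stdio, so nothing keeps the child attached to the parent's console
  { id: 'stdio-ignore', re: /stdio\s*:\s*['"]ignore['"]/ },
  // parent's event loop may exit without waiting for the child
  { id: 'unref', re: /\.unref\s*\(\s*\)/ },
  // a string literal ending in .pid is the usual handle for a stop procedure
  { id: 'pid-file', re: /['"][^'"]*\.pid['"]/ },
];

function scanForSelfRestart(source) {
  const hits = [];
  source.split('\n').forEach((line, idx) => {
    for (const s of SIGNALS) {
      if (s.re.test(line)) hits.push({ signal: s.id, line: idx + 1, text: line.trim() });
    }
  });
  const seen = new Set(hits.map((h) => h.signal));
  return {
    hits,
    // persistent background operation: relaunch itself and let the parent go
    persistent: seen.has('self-respawn') && seen.has('unref'),
    // a stop handle exists only if the launcher records the child's PID somewhere
    hasPidFile: seen.has('pid-file'),
  };
}

// Constructed sample shaped like the quoted line. EVOLVER_CHILD is a made-up guard
// name showing how such a launcher avoids respawning itself indefinitely.
const SAMPLE_LOOP_LAUNCHER = `
const { spawn } = require('child_process');
if (args.includes('--loop') && !process.env.EVOLVER_CHILD) {
  const spawnOpts = { detached: true, stdio: 'ignore', env: { ...process.env, EVOLVER_CHILD: '1' } };
  const child = spawn(process.execPath, [__filename, ...args], spawnOpts);
  fs.writeFileSync('evolver.pid', String(child.pid));
  child.unref();
  process.exit(0);
}
`;

// Constructed one-shot launcher for contrast: same self-spawn, but the parent
// waits for the child, so nothing outlives the invoking command.
const SAMPLE_FOREGROUND = `
const child = spawn(process.execPath, [__filename, '--once'], { stdio: 'inherit' });
child.on('exit', (code) => process.exit(code));
`;

console.log(JSON.stringify(scanForSelfRestart(SAMPLE_LOOP_LAUNCHER), null, 2));
console.log(JSON.stringify(scanForSelfRestart(SAMPLE_FOREGROUND), null, 2));
```

The persistence verdict keys on self-respawn plus unref(): detached: true alone is common in benign launchers, and unref() without a self-relaunch only lets a helper outlive its parent. A PID-file hit tells you where a stop procedure can start; its absence means you will be hunting the loop with ps or pgrep.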
A token with broad scope could let the skill create issues or releases, or authenticate to remote services, beyond what a user expects from the registry metadata.
These credentials can authorize external account actions and remote sync, yet the registry summary lists the primary credential as none and declares no env vars.
Evidence: GITHUB_TOKEN ... GitHub API token for auto-issue reporting and releases ... A2A_NODE_SECRET ... Node authentication secret ... MEMORY_GRAPH_REMOTE_KEY ... API key for remote memory graph service.
Recommendation: Use least-privileged tokens, avoid broad repo-scoped GitHub tokens, disable automatic issue reporting unless needed, and confirm exactly which env vars are available to the skill.
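Added example, not code from Evolver or ClawScan: the check a practitioner would run for the last recommendation above. It extracts every process.env read from a skill's source, diffs it against the env vars the registry metadata declares, flags the undeclared ones whose names look like credentials, and then builds an explicit allowlisted environment for launching the skill instead of inheriting the whole shell environment. The sample source is constructed in the shape the finding describes; EVOLVER_LOOP_MS, the fallback values and the parent-environment values are made up.

```javascript
// Added example (not Evolver's or ClawScan's code): reconcile the env vars a
// skill reads in its source with the env vars its registry metadata declares,
// then build a minimal environment to launch it with instead of inheriting
// everything the shell happens to hold.

// Matches process.env.NAME, process.env['NAME'] and process.env["NAME"]
const ENV_REF = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]\s*\])/g;
// Names that look like credentials deserve a harder look
const SECRET_HINT = /TOKEN|SECRET|KEY|PASSWORD|PASSWD|CREDENTIAL/i;

function extractEnvReads(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) names.add(m[1] || m[2]);
  return [...names].sort();
}

function auditEnvDeclarations(source, declared) {
  const declaredSet = new Set(declared);
  const reads = extractEnvReads(source);
  const undeclared = reads.filter((n) => !declaredSet.has(n));
  return {
    reads,
    undeclared,
    undeclaredSecrets: undeclared.filter((n) => SECRET_HINT.test(n)),
  };
}

// Least-privilege launch: pass only an explicit allowlist into the child.
// Anything not listed (such as a broad GITHUB_TOKEN sitting in your shell) is withheld.
function buildScopedEnv(parentEnv, allowlist) {
  const env = {};
  for (const name of allowlist) {
    if (parentEnv[name] !== undefined) env[name] = parentEnv[name];
  }
  return env;
}

// Constructed source in the shape of what the finding describes; EVOLVER_LOOP_MS
// and the fallback values are made up for the demonstration.
const SAMPLE_SOURCE = `
const token = process.env.GITHUB_TOKEN;
const nodeSecret = process.env['A2A_NODE_SECRET'];
const hub = process.env.A2A_HUB_URL || 'evomap.ai';
const remoteKey = process.env["MEMORY_GRAPH_REMOTE_KEY"];
const loopMs = Number(process.env.EVOLVER_LOOP_MS || 60000);
`;

// The registry summary quoted in the finding declares no env vars at all.
const REGISTRY_DECLARED_ENV = [];

const audit = auditEnvDeclarations(SAMPLE_SOURCE, REGISTRY_DECLARED_ENV);
console.log(JSON.stringify(audit, null, 2));

// Constructed parent environment; the token value is a placeholder, not a real token.
const PARENT_ENV = {
  PATH: '/usr/bin',
  HOME: '/home/evolver',
  GITHUB_TOKEN: 'placeholder-broad-token-from-shell',
  A2A_HUB_URL: 'evomap.ai',
};
// Decide the allowlist from the audit, not from the under-reporting registry summary.
const scopedEnv = buildScopedEnv(PARENT_ENV, ['PATH', 'HOME', 'A2A_HUB_URL']);
console.log(JSON.stringify(scopedEnv, null, 2));
```

If undeclaredSecrets is non-empty, the registry metadata under-reports what the skill needs; the allowlist you hand to spawn should come from your own reading of the audit, and any token you do include should be minted for that purpose with the narrowest scope the feature requires.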
The skill can run local commands that inspect or change the working environment.
Local command execution is disclosed and largely purpose-aligned (validation, rollback, lifecycle and health checks), but it is still a powerful capability.
Evidence: shell_commands: ... git ... node ... npm ... ps / pgrep / tasklist ... df
Recommendation: Run it with a dedicated user and workspace and review command logs, especially around npm install, git cleanup/rollback, and validation steps.
Sensitive or misleading content in logs/memory could be reused in later evolution decisions.
Persistent memory/history analysis is central to the skill, but those stored signals can influence future prompts, assets, and code changes.
Evidence: "Auto-Log Analysis: Automatically scans memory and history files for errors and patterns."
Recommendation: Keep private secrets out of memory/log files, review generated evolution events, and isolate this skill from unrelated personal or production history.
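Added example, not code from Evolver or ClawScan: a scrubber for the first recommendation above, run over memory/history text before any automatic log analysis sees it. It redacts NAME=value pairs with credential-like names, HTTP bearer credentials, strings carrying GitHub's documented token prefixes (ghp_, github_pat_ and the other gh*_ forms), and, as a fallback, long high-entropy runs; the entropy threshold is chosen so hex strings such as git commit hashes, which cannot exceed 4 bits per character, survive. The sample memory file is constructed, and every token, JWT and hash in it is made up.

```javascript
// Added example (not Evolver's or ClawScan's code): scan memory/history text for
// secret-looking material and redact it before it is fed to automatic log analysis,
// so a leaked token cannot end up in a generated prompt, asset, or commit.
// Passes: (1) NAME=value pairs with credential-like names, (2) HTTP bearer
// credentials, (3) GitHub's documented token prefixes, (4) a generic
// high-entropy fallback for anything the targeted patterns missed.

const KV_SECRET = /\b([A-Za-z_]*(?:TOKEN|SECRET|KEY|PASSWORD|PASSWD)[A-Za-z_]*)\s*[=:]\s*["']?([^\s"']{8,})/g;
const BEARER = /\b[Bb]earer\s+([A-Za-z0-9\-._~+/]+=*)/g;
const GITHUB_TOKEN = /\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})\b/g;
const LONG_TOKEN = /[A-Za-z0-9+/_\-]{32,}/g;
// Hex tops out at 4.0 bits/char, so commit hashes and UUID-like ids stay below this;
// random base64/alphanumeric secrets of 32+ chars land well above it.
const ENTROPY_THRESHOLD = 4.25;

function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

function scrubSecrets(text) {
  const findings = [];
  // (1) keep the key name so the log still says what was there, drop the value
  let out = text.replace(KV_SECRET, (m, name, value) => {
    findings.push({ kind: 'kv-secret', name });
    return m.slice(0, m.length - value.length) + '[REDACTED]';
  });
  // (2) bearer credentials, JWTs included
  out = out.replace(BEARER, (m, cred) => {
    findings.push({ kind: 'bearer', length: cred.length });
    return m.slice(0, m.length - cred.length) + '[REDACTED]';
  });
  // (3) bare GitHub tokens that were not attached to a key name
  out = out.replace(GITHUB_TOKEN, (m) => {
    findings.push({ kind: 'github-token', prefix: m.slice(0, 4) });
    return '[REDACTED]';
  });
  // (4) fallback: long runs the targeted patterns missed, judged by entropy
  out = out.replace(LONG_TOKEN, (m) => {
    if (shannonEntropy(m) < ENTROPY_THRESHOLD) return m;
    findings.push({ kind: 'high-entropy', length: m.length });
    return '[REDACTED]';
  });
  return { text: out, findings };
}

// Constructed memory/history excerpt; every token, JWT and hash below is made up.
const SAMPLE_MEMORY = `
[2026-05-18T10:02:11Z] evolve: validating workspace/src after rollback
[2026-05-18T10:02:12Z] env: GITHUB_TOKEN=ghp_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789 loaded
[2026-05-18T10:02:13Z] hub: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.c2lnbmF0dXJl
[2026-05-18T10:02:14Z] issue-reporter: auth header set from ghp_Zy9Xw8Vu7Ts6Rq5Po4Nm3Lk2Ji1Hg0Fe9Dc8
[2026-05-18T10:02:15Z] cache: upstream blob sig Qw9Zr2Xk7Lm4Pv8Tn1Bs6Yc3Hd5Jf0Gh
[2026-05-18T10:02:16Z] git: rolled back to commit 7f3c9d2e1b4a5f6c8d9e0a1b2c3d4e5f6a7b8c9d
[2026-05-18T10:02:17Z] memory: user prefers 2-space indent and conventional commits
`;

const scrubbed = scrubSecrets(SAMPLE_MEMORY);
console.log(scrubbed.text);
console.log(JSON.stringify(scrubbed.findings, null, 2));
```

Run the scrubber on the files the skill's auto-log analysis reads before it reads them, and treat a non-empty findings list as a signal to rotate the credential, not just to clean the log: the secret has already been written to disk once. The commit hash in the sample is deliberately left intact; redacting it would destroy exactly the rollback information the evolver needs.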
Evolution assets, reviews, or task-related data may be exchanged with the configured hub.
The skill intentionally communicates with an external hub for agent-to-agent assets and tasks; this is disclosed, but it creates remote data and instruction boundaries users should understand.
Evidence: evomap.ai (or A2A_HUB_URL) ... A2A protocol (hello, heartbeat, publish, fetch, reviews, tasks)
Recommendation: Use only a trusted A2A hub, avoid publishing sensitive logs/assets, and review any fetched or promoted external assets before allowing them to affect local behavior.
It may be harder to verify that the reviewed package matches the intended upstream project.
For a high-impact self-modifying skill, limited registry provenance is worth noting even though the package metadata contains a repository and a lockfile.
Evidence (registry metadata): Source: unknown; Homepage: none
Recommendation: Verify the package against the upstream repository and install only from a trusted publisher or channel.
