Capability Evolver.Bak
Security checks across malware telemetry and agentic risk
Overview
This is a powerful self-modifying, networked agent-evolution skill that is mostly purpose-aligned but has high-impact automatic execution, persistence, data-sharing, and provenance concerns that need review before use.
Install only if you intentionally want an autonomous self-evolution tool. Use a disposable or well-versioned git workspace, run `--review` instead of automated mode, avoid `--loop` until supervised, do not provide GitHub or remote-memory credentials unless necessary, and verify the package provenance because the registry and embedded metadata do not match.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could modify project code or evolution assets before the user has reviewed the proposed changes.
The skill’s default documented path applies changes without human review, while it also has shell/network permissions and writes to workspace source and memory paths.
If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.
Run only in an isolated git workspace, use `--review` by default, require explicit approval before solidifying changes, and keep rollback enabled.
A user may install or run the skill believing it is prompt-only when another artifact describes automatic mutation behavior.
This reassurance conflicts with SKILL.md’s default automated mode, which says changes are executed immediately, and with the declared source-write capability.
Does this edit code automatically? No. It generates a protocol-bound prompt and assets that guide evolution.
Treat the skill as capable of modifying files; the publisher should reconcile the documentation and make human-review mode the default for registry users.
Once started in loop mode, the evolver may continue running in the background, consuming resources, changing files, and communicating with services until explicitly stopped.
The loop mode is designed to run indefinitely and can respawn itself as a detached process, which creates persistent autonomous behavior.
while (true) { ... const child = spawn(process.execPath, [__filename, ...args], { detached: true, stdio: 'ignore', env: process.env, windowsHide: true }); child.unref();
Do not enable `--loop` or lifecycle background mode unless you have process supervision, clear stop commands, logs, and a dedicated sandbox.
If a GitHub token is provided, the skill may create issues or reports under the user’s account and may include sanitized logs/environment information.
The documentation describes automatic GitHub issue reporting enabled by default when a repo-scoped token is available, which is account mutation using user credentials.
`EVOLVER_AUTO_ISSUE` | `true` ... Requires `GITHUB_TOKEN` (or `GH_TOKEN` / `GITHUB_PAT`) to be configured, with `repo` permission.
Avoid providing broad GitHub tokens unless needed, set `EVOLVER_AUTO_ISSUE=false` if you do not want automatic reporting, and use least-privilege tokens.
Users cannot easily confirm whether this is the intended upstream package, a backup copy, or a republished variant with changed trust boundaries.
The embedded metadata conflicts with the provided registry metadata for `capability-evolver-bak` version `1.0.0` from a different owner/source context, creating provenance ambiguity for a high-privilege skill.
"ownerId": "kn7apafdj4thknczrgxdzfd2v1808svf", "slug": "capability-evolver", "version": "1.32.2"
Verify the publisher and source repository before installation, compare hashes with the official release, and avoid granting credentials until provenance is clear.
Private project context or runtime history could be stored, reused in later evolution cycles, or sent to a configured remote memory service.
The skill can read broad workspace content, persist evolution memory, and optionally sync memory-graph data remotely, but the artifacts do not clearly define retention, exclusions, or reuse boundaries.
read: [workspace/**] ... write: [workspace/assets/**, workspace/memory/**] ... MEMORY_GRAPH_REMOTE_URL ... Remote knowledge graph sync
Run it only on repositories whose logs and files may be analyzed, review generated memory files, disable remote memory sync unless needed, and add explicit path exclusions.
Remote hub data or shared evolution assets may influence future local evolution workflows.
The skill intentionally communicates with an A2A hub and exchanges assets/tasks; this is purpose-aligned but introduces remote agent/message trust boundaries.
evomap.ai (or A2A_HUB_URL) ... A2A protocol (hello, heartbeat, publish, fetch, reviews, tasks)
Use only trusted A2A hubs, keep external assets quarantined until reviewed, and avoid promoting remote genes/capsules without validation.
