Evolver (Fixed)

v1.41.0

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

⭐ 0· 168·0 current·0 all-time

by@oliver-smith-2048·fork of @autogame-17/evolver (1.39.0)

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for oliver-smith-2048/evolver-fixed.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Evolver (Fixed)" (oliver-smith-2048/evolver-fixed) from ClawHub.
Skill page: https://clawhub.ai/oliver-smith-2048/evolver-fixed
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: A2A_NODE_ID
Required binaries: node, git
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install evolver-fixed

ClawHub CLI

Package manager switcher

npx clawhub@latest install evolver-fixed

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Name and description (self-evolution engine) align with required binaries (node, git), network hosts (evomap.ai, api.github.com) and env vars (A2A_NODE_ID, optional hub/graph tokens). However there are minor mismatches: SKILL.md lists extra allowed shell commands (ps/pgrep/df) that are not in the required-bins list, and the package includes a full codebase even though the registry metadata flagged 'No install spec — instruction-only'. These are explainable but should be noted.

Instruction Scope

SKILL.md and README repeatedly assert that Evolver is a prompt generator that 'does NOT automatically edit your source code', yet capabilities and the codebase allow writing to workspace/src/** and a solidify flow that can validate and (under some conditions) apply changes. The skill also emits 'sessions_spawn(...)' stdout directives (which may be executed by the host runtime), and the allow/deny lists in SKILL.md contain contradictory entries (allow git/node/npm but deny entries that include the same names with '!' prefixes). The solidify path executes validation commands (node/npm/npx) with programmatic checks; mistakes or gaps there could permit dangerous commands. Overall the runtime instructions give the agent significant discretion to read memory, modify assets and (potentially) source files — stronger, clearer constraints and a review-before-apply default are warranted.

✓

Install Mechanism

No remote download/extract install spec is present; the package ships code and expects node/npm/git installed. No high-risk installer URLs or archive extraction were found in the manifest. This is lower risk from an install-source perspective.

ℹ

Credentials

The only required env var is A2A_NODE_ID, which fits the stated hub integration purpose. Optional vars (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY, etc.) are reasonable given network features (heartbeats, releases, memory graph). No unrelated cloud credentials (AWS, GCP) are requested. Still: providing A2A_NODE_SECRET or GITHUB_TOKEN grants network privileges (node authentication, issue/release creation) — users should only set those if they trust the hub and code.

Persistence & Privilege

always:false (good), and autonomous invocation is allowed (platform default). The material concern is the skill's ability to run in loop mode, write to workspace/memory and workspace/src when solidifying, and to run git/npm/node commands. Although EVOLVE_ALLOW_SELF_MODIFY defaults to 'false' and the README claims 'protected source files', tests and code imply core-source protection is partial (some paths considered non-critical), meaning the skill could end up modifying code. Combined with loop/daemon behavior and the ability to accept hub tasks (WORKER_ENABLED), this creates a non-trivial blast radius if misconfigured or if the validation logic has gaps.

Scan Findings in Context

[pre_scan_injection] expected: Static pre-scan reported no injection signals. This doesn't prove safety; many risky behaviors are in plain JS logic (solidify, git ops, a2a protocol) rather than obfuscated patterns.

What to consider before installing

This skill is feature-rich and largely coherent with its stated purpose, but it can read your memory/logs, run git/node/npm, write to workspace/memory and (under solidify) to workspace/src — and it can run continuously in loop mode. Before installing or enabling it on a trusted agent: - Do not set A2A_NODE_SECRET or GITHUB_TOKEN unless you trust the EvoMap hub and have reviewed the a2aProtocol/solidify code paths. - Keep EVOLVE_ALLOW_SELF_MODIFY unset or explicitly false. If you ever enable self-modify, require manual review (--review) and test in an isolated environment. - Prefer running once with --review and inspect any proposed changes. Do not run --loop in production until you’ve validated behavior. - Audit src/gep/solidify.js and src/gep/gitOps.js to confirm which files are protected and exactly what validation commands are permitted (the tests show some paths are allowed that the README claims are protected). - If you plan to connect to the hub or enable WORKER_ENABLED, run the skill in an isolated, disposable environment (container or VM) first, and monitor network traffic and git commits. - If you are not comfortable auditing the code, treat this as higher-risk: run only locally without hub credentials, or avoid installing. What would change this assessment: explicit, enforced protections that prevent any modifications to core source files (documented and enforced in code), a strictly read-only default mode that cannot write to workspace/src without an unambiguous, manual opt-in, and removal of contradictory allow/deny entries in SKILL.md. If those were present and verifiable, verdict would move toward benign.

✗

index.js:242