ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evolver Repo

v1.0.0

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

0· 492·4 current·4 all-time
by@wuzimaki
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The repo implements a self‑evolution engine consistent with the name/description (log analysis, genes/capsules, solidify flow). However the registry metadata claimed no required binaries/env yet README and code require Git and Node >=18 and optionally use GITHUB_TOKEN/GH_TOKEN for publishing. That mismatch (registry says 'none' while the project expects Git and may use release tokens) is an incoherence to surface.
!
Instruction Scope
SKILL.md and index.js instruct running node index.js (loop or review modes). At runtime the code reads repository files, memory/logs, .env (via dotenv), runs git commands, and can execute validation commands (via solidify) taken from Genes/Capsules when promoted. The a2a scripts and protocol call getTransport().send(...) allowing external asset exchange. These behaviors go beyond a narrow 'analyze only' scope and grant broad file/system access and the ability to execute code derived from assets — risky without strict operational controls.
Install Mechanism
There is no remote install step or external download in the registry spec; the package is shipped with full source files and a small dependency (dotenv). No extract-from-URL installs were observed. This is lower install-time risk, but the code itself will be written to disk and executed when installed.
!
Credentials
The skill declares no required envs, but SKILL.md and code read many optional environment variables (EVOLVE_ALLOW_SELF_MODIFY, EVOLVE_REPORT_TOOL, EVOLVE_STRATEGY, A2A_* variables, and publishing vars such as GITHUB_TOKEN/GH_TOKEN). The code loads .env automatically. Access to arbitrary .env/GitHub tokens and to the repository (git commands) is disproportionate relative to the minimal registry declaration and increases the risk of secret exposure or unintended publishing/actions.
Persistence & Privilege
always:false (so not force‑installed). The skill can run as a long‑running daemon, create lockfiles, spawn child processes for self‑restart, and (if enabled) apply changes to the codebase. EVOLVE_ALLOW_SELF_MODIFY defaults to false, which limits autonomous self‑editing by default, but turning it on grants the skill high privilege to alter its own source and run validation commands. Autonomous invocation combined with external asset ingestion and validation execution increases blast radius if misused.
What to consider before installing
This repo is functionally what it claims (a self‑evolver), but it carries substantial power and a few inconsistencies. Before installing or running it: 1) Treat .env and any repo secrets as sensitive — the code loads .env automatically and may use tokens like GITHUB_TOKEN if set. 2) Do not enable EVOLVE_ALLOW_SELF_MODIFY in production; keep it false for experiments. 3) Run first in review mode (--review) and in an isolated sandbox/container with no access to sensitive repos or credentials. 4) Audit src/gep/solidify.js and the Gene validation handling — validation commands may be restricted to node/npm/npx but those can still run arbitrary JS. 5) If you will use A2A ingestion/export, require strict manual validation before promoting external Genes/Capsules (the scripts require --validated for promotion). 6) Ensure Git is available and you understand the repo will call git; back up the repository and enable git hooks/branch protection if you plan to let it modify code. 7) If you need lower risk, remove/disable A2A transports and any publishing paths (GITHUB_TOKEN), and run only the analysis/reporting parts. If you want me to, I can scan the specific solidify.js and a2aProtocol implementations for the exact validation/transport logic and surface any code paths that would execute arbitrary remote commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e8qbx7n1pwmwtzvjyhvz5sn826r1p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments