Skillv1.0.0

Static analysis security

Evolver Repo · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

ReviewApr 30, 2026, 5:06 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes: suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.4.5

Evidence

criticalindex.js:164

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/build_public.js:169

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/generate_history.js:17

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/publish_public.js:13

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/recover_loop.js:19

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/suggest_version.js:27

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/evolve.js:276

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/gep/solidify.js:64

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/ops/health_check.js:20

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/ops/lifecycle.js:27

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/ops/self_repair.js:17

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/ops/skills_monitor.js:96

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/publish_public.js:248

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/evolve.js:53

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/gep/a2aProtocol.js:75

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/gep/hubSearch.js:18

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/gep/memoryGraphAdapter.js:77

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/gep/taskReceiver.js:11

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/ops/self_repair.js:45

Environment variable access combined with network send.

suspicious.env_credential_access

warnscripts/publish_public.js:254

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/evolve.js:366

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/gep/a2aProtocol.js:41

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/gep/questionGenerator.js:20

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration