Back to skill
Skillv1.0.0
VirusTotal security
Evolver Repo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:01 AM
- Hash
- 1a2bd5981e6b87733e236422a328cab13177398ab46e0ce6bcb31cdb5a6745c8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: evolver-repo Version: 1.0.0 The OpenClaw AgentSkills skill bundle is classified as 'suspicious' due to its inherent capabilities for self-modification, execution of shell commands, and network communication, despite robust security measures. Key indicators include `solidify.js` executing `node`, `npm`, or `npx` commands from Gene validation steps, `evolve.js` outputting `sessions_spawn` commands for potential host execution, and `a2aProtocol.js` communicating with an external 'EvoMap Hub'. While the project demonstrates strong security intent through features like `sanitize.js` (redacting sensitive data), `isValidationCommandAllowed` (whitelisting and sanitizing commands), `isCriticalProtectedPath` (preventing core file modification), and strict prompt injection defenses in `prompt.js`, these powerful capabilities necessitate a 'suspicious' classification rather than 'benign' due to their high-risk nature if safeguards were to fail or be bypassed.
- External report
- View on VirusTotal