ClawHubCN
@autogame-17

Evolver

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution. Communicates with EvoMap...

Mirror download
Current version
v1.53.2
89 3.4万All installs 598
READMEFilesVersionsCompare

CONTRIBUTING.md

text/markdown · 327 bytes

README.md

text/markdown · 21006 bytes

README.zh-CN.md

text/markdown · 20252 bytes

SKILL.md

text/markdown · 8230 bytes

assets/gep/capsules.json

application/json · 3521 bytes

assets/gep/genes.json

application/json · 3803 bytes

index.js

text/javascript · 33742 bytes

package.json

application/json · 1065 bytes

scripts/a2a_export.js

text/javascript · 2367 bytes

scripts/a2a_ingest.js

text/javascript · 2671 bytes

scripts/a2a_promote.js

text/javascript · 4785 bytes

scripts/analyze_by_skill.js

text/javascript · 4848 bytes

scripts/build_public.js

text/javascript · 12451 bytes

scripts/check_wrapper_compat.js

text/javascript · 3316 bytes

scripts/extract_log.js

text/javascript · 2600 bytes

scripts/generate_history.js

text/javascript · 2593 bytes

scripts/gep_append_event.js

text/javascript · 3049 bytes

scripts/gep_personality_report.js

text/javascript · 7918 bytes

scripts/human_report.js

text/javascript · 5796 bytes

scripts/publish_public.js

text/javascript · 20329 bytes

scripts/recover_loop.js

text/javascript · 1691 bytes

scripts/suggest_version.js

text/javascript · 3037 bytes

scripts/validate-modules.js

text/javascript · 1238 bytes

scripts/validate-suite.js

text/javascript · 1941 bytes

src/canary.js

text/javascript · 486 bytes

src/config.js

text/javascript · 4252 bytes

src/evolve.js

text/javascript · 400130 bytes

src/gep/a2a.js

text/javascript · 6480 bytes

src/gep/a2aProtocol.js

text/javascript · 42922 bytes

src/gep/analyzer.js

text/javascript · 988 bytes

src/gep/assetCallLog.js

text/javascript · 3478 bytes

src/gep/assetStore.js

text/javascript · 14600 bytes

src/gep/assets.js

text/javascript · 1110 bytes

src/gep/bridge.js

text/javascript · 2096 bytes

src/gep/candidateEval.js

text/javascript · 10127 bytes

src/gep/candidates.js

text/javascript · 38951 bytes

src/gep/contentHash.js

text/javascript · 2196 bytes

src/gep/crypto.js

text/javascript · 2600 bytes

src/gep/curriculum.js

text/javascript · 25366 bytes

src/gep/deviceId.js

text/javascript · 6728 bytes

src/gep/directoryClient.js

text/javascript · 3719 bytes

src/gep/envFingerprint.js

text/javascript · 2989 bytes

src/gep/executionTrace.js

text/javascript · 6922 bytes

src/gep/explore.js

text/javascript · 8917 bytes

src/gep/gitOps.js

text/javascript · 7955 bytes

src/gep/hubReview.js

text/javascript · 6561 bytes

src/gep/hubSearch.js

text/javascript · 16620 bytes

src/gep/hubVerify.js

text/javascript · 16248 bytes

src/gep/idleScheduler.js

text/javascript · 5670 bytes

src/gep/issueReporter.js

text/javascript · 9062 bytes

src/gep/learningSignals.js

text/javascript · 13664 bytes

src/gep/llmReview.js

text/javascript · 3137 bytes

src/gep/localStateAwareness.js

text/javascript · 6508 bytes

src/gep/mailboxTransport.js

text/javascript · 2270 bytes

src/gep/memoryGraph.js

text/javascript · 107174 bytes

src/gep/memoryGraphAdapter.js

text/javascript · 19006 bytes

src/gep/mutation.js

text/javascript · 34383 bytes

src/gep/narrativeMemory.js

text/javascript · 18499 bytes

src/gep/paths.js

text/javascript · 3990 bytes

src/gep/personality.js

text/javascript · 58843 bytes

src/gep/policyCheck.js

text/javascript · 23985 bytes

src/gep/privacyClient.js

text/javascript · 6718 bytes

src/gep/prompt.js

text/javascript · 121762 bytes

src/gep/questionGenerator.js

text/javascript · 8698 bytes

src/gep/reflection.js

text/javascript · 30157 bytes

src/gep/sanitize.js

text/javascript · 6834 bytes

src/gep/selector.js

text/javascript · 72952 bytes

src/gep/signals.js

text/javascript · 27962 bytes

src/gep/skillDistiller.js

text/javascript · 51288 bytes

src/gep/skillPublisher.js

text/javascript · 10512 bytes

src/gep/solidify.js

text/javascript · 187732 bytes

src/gep/strategy.js

text/javascript · 14504 bytes

src/gep/taskReceiver.js

text/javascript · 18938 bytes

src/gep/validationReport.js

text/javascript · 2194 bytes

src/ops/cleanup.js

text/javascript · 2690 bytes

src/ops/commentary.js

text/javascript · 1762 bytes

src/ops/health_check.js

text/javascript · 4378 bytes

src/ops/index.js

text/javascript · 376 bytes

src/ops/innovation.js

text/javascript · 3156 bytes

src/ops/lifecycle.js

text/javascript · 6565 bytes

src/ops/self_repair.js

text/javascript · 2590 bytes

src/ops/skills_monitor.js

text/javascript · 5457 bytes

src/ops/trigger.js

text/javascript · 837 bytes

src/proxy/extensions/dmHandler.js

text/javascript · 931 bytes

src/proxy/extensions/skillUpdater.js

text/javascript · 1797 bytes

src/proxy/index.js

text/javascript · 5153 bytes

src/proxy/lifecycle/manager.js

text/javascript · 6074 bytes

src/proxy/mailbox/store.js

text/javascript · 11229 bytes

src/proxy/server/http.js

text/javascript · 4035 bytes

src/proxy/server/routes.js

text/javascript · 8474 bytes

src/proxy/server/settings.js

text/javascript · 1494 bytes

src/proxy/sync/engine.js

text/javascript · 3100 bytes

src/proxy/sync/inbound.js

text/javascript · 2606 bytes

src/proxy/sync/outbound.js

text/javascript · 2758 bytes

src/proxy/task/monitor.js

text/javascript · 4116 bytes

test/a2aProtocol.test.js

text/javascript · 10642 bytes

test/assetStore.test.js

text/javascript · 7905 bytes

test/bench.test.js

text/javascript · 14989 bytes

test/bridge.test.js

text/javascript · 4636 bytes

test/candidates.test.js

text/javascript · 1318 bytes

test/contentHash.test.js

text/javascript · 3601 bytes

test/envFingerprint.test.js

text/javascript · 3076 bytes

test/evolvePolicy.test.js

text/javascript · 1380 bytes

test/extensions.test.js

text/javascript · 4922 bytes

test/hubEvents.test.js

text/javascript · 4290 bytes

test/hubVerify.test.js

text/javascript · 2130 bytes

test/idleGating.test.js

text/javascript · 4356 bytes

test/idleScheduler.test.js

text/javascript · 3504 bytes

test/localStateAwareness.test.js

text/javascript · 7974 bytes

test/loopMode.test.js

text/javascript · 5575 bytes

test/mailboxStore.test.js

text/javascript · 12084 bytes

test/memoryGraph.test.js

text/javascript · 6529 bytes

test/mutation.test.js

text/javascript · 4718 bytes

test/ops.test.js

text/javascript · 6359 bytes

test/paths.test.js

text/javascript · 9054 bytes

test/prompt.test.js

text/javascript · 4386 bytes

test/proxyServer.test.js

text/javascript · 10502 bytes

test/proxySettings.test.js

text/javascript · 1320 bytes

test/sanitize.test.js

text/javascript · 3976 bytes

test/selector.test.js

text/javascript · 8591 bytes

test/sessionFormat.test.js

text/javascript · 12493 bytes

test/signals.test.js

text/javascript · 20686 bytes

test/skillDistiller.test.js

text/javascript · 21500 bytes

test/solidify-helpers.test.js

text/javascript · 15202 bytes

test/solidifyLearning.test.js

text/javascript · 3056 bytes

test/strategy.test.js

text/javascript · 4942 bytes

test/taskMonitor.test.js

text/javascript · 3937 bytes

test/tttInspired.test.js

text/javascript · 11990 bytes

test/validationReport.test.js

text/javascript · 4913 bytes

Security Scan

Status

suspicious

Open VirusTotal

OpenClaw

gpt-5-mini

suspicious

OpenClaw analysis

The package mostly matches its stated purpose (an on-host evolver) but contains several inconsistencies and configuration choices that could allow unexpected self-modification or data sharing; review before enabling network/auto-modify features.

Confidence: medium

VirusTotal

Type: OpenClaw Skill Name: capability-evolver Version: 1.53.2 The 'capability-evolver' skill bundle is a sophisticated framework for a remote-controlled, self-modifying agent. It is classified as malicious primarily due to the heavy obfuscation of its core decision-making logic in files such as src/evolve.js, src/gep/mutation.js, src/gep/memoryGraph.js, and src/gep/reflection.js. This obfuscation hides how the agent processes 'tasks' and 'events' received from a remote hub (evomap.ai), which are then used to autonomously modify the agent's own source code and the host workspace. This architecture constitutes a persistent RCE backdoor. Furthermore, the skill performs detailed environment fingerprinting (src/gep/envFingerprint.js) and contains logic to identify sensitive data patterns (src/gep/sanitize.js), which, combined with the lack of transparency, indicates a high risk of data exfiltration and unauthorized remote control.

Metadata

  • Owner: @autogame-17
  • Created: 2026/02/14
  • Updated: 2026/05/19
  • Versions: 41
  • Comments: 3
  • Scan checked at: 2026/04/11

Runtime

  • env:A2A_NODE_ID
Evolver | ClawHub CN