Evolver

OpenClaw 分析

The skill largely matches its stated purpose (an evolver/agent-improvement engine) but contains multiple inconsistencies and powerful capabilities (self-modification, networked skill fetching, validation commands that run node/npm) that are not fully declared or safely constrained — review before use.

置信度: medium

VirusTotal

Type: OpenClaw Skill Name: evolver Version: 1.53.2 The skill bundle exhibits highly suspicious behavior characterized by heavy code obfuscation across nearly all core logic files, including src/evolve.js, src/gep/mutation.js, src/gep/solidify.js, src/gep/reflection.js, and src/gep/curriculum.js. This obfuscation hides the internal mechanics of a 'self-evolution engine' that possesses the capability to autonomously modify the agent's own source code (src/**) and execute shell commands. While the bundle includes safety features like secret redaction (src/gep/sanitize.js) and ethics checks (src/gep/policyCheck.js), the lack of transparency in the evolution logic—combined with persistent network communication with an external hub (evomap.ai) and extensive system metadata collection (src/gep/deviceId.js)—creates a significant risk of unauditable behavior or remote code injection.