ClawAudit verdict
capability-evolver
evolver-1-17-1
This skill defaults to fully automated Mad Dog Mode that immediately applies code changes without review, explicitly supports modifying its own source code, and can run in an infinite loop via cron; the autonomous self-modification of agent behavior without human-in-the-loop is a genuine concern.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
package_install
Findings (9)
Recursive delete from root or home — destructive command
test/skillDistiller.test.js · prose · downgraded · rm -rf /
References child_process — can spawn system processes
scripts/build_public.js · prose · downgraded · child_process
Uses spawn() — can execute external programs
index.js · prose · downgraded · spawn(
Uses exec() — may execute shell commands
src/gep/analyzer.js · prose · downgraded · exec(
Reads files from sensitive system paths
src/gep/deviceId.js · prose · downgraded · readFileSync('/etc
Node http/https module — low-level network access
check-evomap-account.js · prose · downgraded · require('https')
Accesses sensitive environment variables
scripts/publish_public.js · prose · downgraded · process.env.GITHUB_TOKEN
References agent memory files
src/evolve.js · prose · downgraded · MEMORY.md
Popular HTTP library — network access
test/skillDistiller.test.js · prose · downgraded · got
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
package_install Is this flag fair?
Thanks — recorded.