Description

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

README (SKILL.md)

🧬 Evolver

Name: Evolver 1.40.3
Author: lf-wow

"Evolution is not optional. Adapt or die."

The Evolver is a meta-skill that allows OpenClaw agents to inspect their own runtime history, identify failures or inefficiencies, and autonomously write new code or update their own memory to improve performance.

Features

Auto-Log Analysis: Automatically scans memory and history files for errors and patterns.
Self-Repair: Detects crashes and suggests patches.
GEP Protocol: Standardized evolution with reusable assets.
One-Command Evolution: Just run /evolve (or node index.js).

Usage

Standard Run (Automated)

Runs the evolution cycle. If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.

node index.js

Review Mode (Human-in-the-Loop)

If you want to review changes before they are applied, pass the --review flag. The agent will pause and ask for confirmation.

node index.js --review

Mad Dog Mode (Continuous Loop)

To run in an infinite loop (e.g., via cron or background process), use the --loop flag or just standard execution in a cron job.

node index.js --loop

Setup

Before using this skill, register your node identity with the EvoMap network:

Run the hello flow (via evomap.js or the EvoMap onboarding) to receive a node_id and claim code
Visit https://evomap.ai/claim/\x3Cclaim-code> within 24 hours to bind the node to your account
Set the node identity in your environment:

export A2A_NODE_ID=node_xxxxxxxxxxxx

Or in your agent config (e.g., ~/.openclaw/openclaw.json):

{ "env": { "A2A_NODE_ID": "node_xxxxxxxxxxxx", "A2A_HUB_URL": "https://evomap.ai" } }

Do not hardcode the node ID in scripts. getNodeId() in src/gep/a2aProtocol.js reads A2A_NODE_ID automatically -- any script using the protocol layer will pick it up without extra configuration.

Configuration

Required Environment Variables

Variable	Default	Description
`A2A_NODE_ID`	(required)	Your EvoMap node identity. Set after node registration -- never hardcode in scripts.

Optional Environment Variables

Variable	Default	Description
`A2A_HUB_URL`	`https://evomap.ai`	EvoMap Hub API base URL.
`A2A_NODE_SECRET`	(none)	Node authentication secret issued by Hub on first hello. Stored locally after registration.
`EVOLVE_STRATEGY`	`balanced`	Evolution strategy: `balanced`, `innovate`, `harden`, `repair-only`, `early-stabilize`, `steady-state`, or `auto`.
`EVOLVE_ALLOW_SELF_MODIFY`	`false`	Allow evolution to modify evolver's own source code. NOT recommended for production.
`EVOLVE_LOAD_MAX`	`2.0`	Maximum 1-minute load average before evolver backs off.
`EVOLVER_ROLLBACK_MODE`	`hard`	Rollback strategy on failure: `hard` (git reset --hard), `stash` (git stash), `none` (skip). Use `stash` for safer operation.
`EVOLVER_LLM_REVIEW`	`0`	Set to `1` to enable second-opinion LLM review before solidification.
`EVOLVER_AUTO_ISSUE`	`0`	Set to `1` to auto-create GitHub issues on repeated failures. Requires `GITHUB_TOKEN`.
`EVOLVER_ISSUE_REPO`	(none)	GitHub repo for auto-issue reporting (e.g. `EvoMap/evolver`).
`EVOLVER_MODEL_NAME`	(none)	LLM model name injected into published asset `model_name` field.
`GITHUB_TOKEN`	(none)	GitHub API token for release creation and auto-issue reporting. Also accepts `GH_TOKEN` or `GITHUB_PAT`.
`MEMORY_GRAPH_REMOTE_URL`	(none)	Remote knowledge graph service URL for memory sync.
`MEMORY_GRAPH_REMOTE_KEY`	(none)	API key for remote knowledge graph service.
`EVOLVE_REPORT_TOOL`	(auto)	Override report tool (e.g. `feishu-card`).
`RANDOM_DRIFT`	`0`	Enable random drift in evolution strategy selection.

Network Endpoints

Evolver communicates with these external services. All are authenticated and documented.

Endpoint	Auth	Purpose	Required
`{A2A_HUB_URL}/a2a/*`	`A2A_NODE_SECRET` (Bearer)	A2A protocol: hello, heartbeat, publish, fetch, reviews, tasks	Yes
`api.github.com/repos/*/releases`	`GITHUB_TOKEN` (Bearer)	Create releases, publish changelogs	No
`api.github.com/repos/*/issues`	`GITHUB_TOKEN` (Bearer)	Auto-create failure reports (sanitized via `redactString()`)	No
`{MEMORY_GRAPH_REMOTE_URL}/*`	`MEMORY_GRAPH_REMOTE_KEY`	Remote knowledge graph sync	No

Shell Commands Used

Evolver uses child_process for the following commands. No user-controlled input is passed to shell.

Command	Purpose
`git checkout`, `git clean`, `git log`, `git status`, `git diff`	Version control for evolution cycles
`git rebase --abort`, `git merge --abort`	Abort stuck git operations (self-repair)
`git reset --hard`	Rollback failed evolution (only when `EVOLVER_ROLLBACK_MODE=hard`)
`git stash`	Preserve failed evolution changes (when `EVOLVER_ROLLBACK_MODE=stash`)
`ps`, `pgrep`, `tasklist`	Process discovery for lifecycle management
`df -P`	Disk usage check (health monitoring fallback)
`npm install --production`	Repair missing skill dependencies
`node -e "..."`	Inline script execution for LLM review (no shell, uses `execFileSync`)

File Access

Direction	Paths	Purpose
Read	`~/.evomap/node_id`	Node identity persistence
Read	`assets/gep/*`	GEP gene/capsule/event data
Read	`memory/*`	Evolution memory, narrative, reflection logs
Read	`package.json`	Version information
Write	`assets/gep/*`	Updated genes, capsules, evolution events
Write	`memory/*`	Memory graph, narrative log, reflection log
Write	`src/**`	Evolved code (only during solidify, with git tracking)

GEP Protocol (Auditable Evolution)

This package embeds a protocol-constrained evolution prompt (GEP) and a local, structured asset store:

assets/gep/genes.json: reusable Gene definitions
assets/gep/capsules.json: success capsules to avoid repeating reasoning
assets/gep/events.jsonl: append-only evolution events (tree-like via parent id)

Emoji Policy

Only the DNA emoji is allowed in documentation. All other emoji are disallowed.

Configuration & Decoupling

This skill is designed to be environment-agnostic. It uses standard OpenClaw tools by default.

Local Overrides (Injection)

You can inject local preferences (e.g., using feishu-card instead of message for reports) without modifying the core code.

Method 1: Environment Variables Set EVOLVE_REPORT_TOOL in your .env file:

EVOLVE_REPORT_TOOL=feishu-card

Method 2: Dynamic Detection The script automatically detects if compatible local skills (like skills/feishu-card) exist in your workspace and upgrades its behavior accordingly.

Safety & Risk Protocol

1. Identity & Directives

Identity Injection: "You are a Recursive Self-Improving System."
Mutation Directive:
- If Errors Found -> Repair Mode (Fix bugs).
- If Stable -> Forced Optimization (Refactor/Innovate).

2. Risk Mitigation

Infinite Recursion: Strict single-process logic.
Review Mode: Use --review for sensitive environments.
Git Sync: Always recommended to have a git-sync cron job running alongside this skill.

Before Troubleshooting -- Check Your Version First

If you encounter unexpected errors or behavior, always verify your version before debugging:

node -e "const p=require('./package.json'); console.log(p.version)"

If you are not on the latest release, update first -- most reported issues are already fixed in newer versions:

# If installed via git
git pull && npm install

# If installed via npm
npm install -g @evomap/evolver@latest

Latest releases and changelog: https://github.com/EvoMap/evolver/releases

License

MIT

Usage Guidance

What to consider before installing or enabling this skill: - It is broadly coherent with its stated purpose (an on‑host evolver) but contains powerful networked features. By default it requires only A2A_NODE_ID, node and git — but optional envs (A2A_NODE_SECRET, GITHUB_TOKEN, WORKER_ENABLED, EVOLVE_ALLOW_SELF_MODIFY, MEMORY_GRAPH_REMOTE_KEY) enable remote work, publishing, and source modification. Only set those when you trust evomap.ai and have audited the code paths. - Do NOT enable WORKER_ENABLED or supply A2A_NODE_SECRET / A2A_HUB_URL unless you want your node to accept tasks from the EvoMap network. Worker mode can let remote work be scheduled for your node. - Keep EVOLVE_ALLOW_SELF_MODIFY set to false (the default). The README asserts it does not auto-edit source, but the codebase explicitly supports writing evolved code to workspace/src/** when solidified — enabling self‑modify would allow on‑disk code changes. - Avoid supplying a broad GitHub token. If you must provide GITHUB_TOKEN, use a token with least privileges necessary (e.g., repo scope only if publishing is required) and monitor actions (audit logs, separate machine account preferably). - Prefer running in an isolated/test environment first. Run with --review (human‑in‑the‑loop) or with network disabled to inspect outputs before any promotion/solidify/publish operations. Inspect scripts a2a_ingest.js, a2a_promote.js, publish_public.js, and any solidify/policyCheck code to understand exact conditions and protections. - Note contradictions and oddities in SKILL.md: allow/deny lists contain inconsistent entries and the documentation mixes 'does not modify code' with write permissions — treat those as red flags and verify runtime behavior under controlled conditions. - Additional checks that would raise or lower concern: look for explicit remote code execution paths (e.g., fetching JS archives and executing them without validation), review a2a_promote paths to ensure they require explicit human validation, and test validation command sandboxing. If you need help auditing specific files (a2a_ingest.js, a2a_promote.js, src/gep/solidify.js), provide them and I can point to exact lines that perform high‑risk operations.

Capability Analysis

Type: OpenClaw Skill Name: evolver-1-40-3 Version: 1.0.0 The capability-evolver is a meta-skill designed for AI agent self-improvement and autonomous patching. While it possesses high-risk capabilities such as shell execution (via src/gep/solidify.js) and network communication (via src/gep/a2aProtocol.js), it implements significant security controls. Specifically, src/gep/policyCheck.js enforces a strict whitelist for validation commands (allowing only node/npm/npx) and sanitizes against shell injection operators. Additionally, src/gep/sanitize.js redacts sensitive information like API keys and local paths before data is transmitted to the EvoMap Hub (evomap.ai). The tool's behavior, including the generation of GEP protocol prompts and the use of git for rollbacks, is entirely consistent with its stated purpose of auditable self-evolution.

Capability Tags

cryptorequires-walletcan-make-purchasesrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

Name/description (self‑evolver) align with required binaries (node, git) and the large codebase. Requesting A2A_NODE_ID and optional hub/GitHub tokens is coherent for a networked evolution engine. However, some declared capabilities (ability to write into workspace/src/** when solidified, fetch/publish skills, worker pool) are high‑impact and go beyond mere prompt generation; these are plausible for the stated purpose but warrant caution before enabling network/worker/publish features.

⚠ Instruction Scope

SKILL.md both claims 'It does NOT automatically edit your source code' and elsewhere documents writing evolved code into workspace/src/** when changes are solidified; EVOLVE_ALLOW_SELF_MODIFY exists (default false) but allows elevating that privilege. The skill can read workspace memory and logs and may output sessions_spawn(...) directives that hosts can interpret. It also runs validation commands and can execute node/npm/npx and git. The allow/deny lists in SKILL.md contain contradictory entries (e.g., deny includes strings like "!git"), which is inconsistent and could lead to overbroad permissions in a real enforcement system.

✓ Install Mechanism

No remote download/install spec is provided; all code is bundled. This lowers supply‑chain risk compared with fetching arbitrary binaries. package.json lists only dotenv as dependency. The included scripts (publish, a2a_ingest/promote) operate on git and network but are local code files — expected for the project scope.

⚠ Credentials

Declared required env is only A2A_NODE_ID (reasonable). Many optional env vars (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY, WORKER_ENABLED, EVOLVE_ALLOW_SELF_MODIFY) can enable powerful behaviors: network auth, fetching/publishing, and self‑modifying code. These optional vars are plausible but are powerful — enabling them (especially NODE_SECRET, GITHUB_TOKEN, WORKER_ENABLED, EVOLVE_ALLOW_SELF_MODIFY) grants broad capabilities that should be restricted and audited. SKILL.md lists env_declarations beyond the single required env, and the code will act differently when those are set.

⚠ Persistence & Privilege

always:false (good). However the skill can run as a long‑running daemon (--loop), maintain a lockfile, spawn children, start a heartbeat to a hub, participate in a worker pool, fetch/publish skills, and (when allowed) write evolved code into workspace/src/**. Combined, those features can give a large persistent presence if enabled. The default EVOLVE_ALLOW_SELF_MODIFY=false mitigates automatic source edits, but the repository contains code to perform promotions/fetches and publish actions if network credentials and flags are supplied — this is a privileged capability that needs manual gating.

Version History

v1.0.0

Initial release of capability-evolver: a self-evolution engine for AI agents. - Enables autonomous analysis of runtime history and self-improvement through protocol-constrained evolution. - Features auto-log analysis, self-repair on detected errors, and one-command evolution workflow. - Supports flexible evolution strategies and allows both automated and human-in-the-loop review modes. - Integrates with EvoMap network for node registration, memory, and asset syncing. - Includes fine-grained environment variable configuration and permissions for network, shell, and local file access.

Metadata

Slug evolver-1-40-3

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Evolver 1.40.3?

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution. It is an AI Agent Skill for Claude Code / OpenClaw, with 105 downloads so far.

How do I install Evolver 1.40.3?

Run "/install evolver-1-40-3" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Evolver 1.40.3 free?

Yes, Evolver 1.40.3 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Evolver 1.40.3 support?

Evolver 1.40.3 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Evolver 1.40.3?

It is built and maintained by LF丶凌风 (@lf-wow); the current version is v1.0.0.

More Skills

Evolver 1.40.3