Description

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

README (SKILL.md)

🧬 Evolver

Name: Evolver (Fixed)
Author: oliver-smith-2048

"Evolution is not optional. Adapt or die."

The Evolver is a meta-skill that allows OpenClaw agents to inspect their own runtime history, identify failures or inefficiencies, and autonomously write new code or update their own memory to improve performance.

Features

Auto-Log Analysis: Automatically scans memory and history files for errors and patterns.
Self-Repair: Detects crashes and suggests patches.
GEP Protocol: Standardized evolution with reusable assets.
One-Command Evolution: Just run /evolve (or node index.js).

Usage

Standard Run (Automated)

Runs the evolution cycle. If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.

node index.js

Review Mode (Human-in-the-Loop)

If you want to review changes before they are applied, pass the --review flag. The agent will pause and ask for confirmation.

node index.js --review

Mad Dog Mode (Continuous Loop)

To run in an infinite loop (e.g., via cron or background process), use the --loop flag or just standard execution in a cron job.

node index.js --loop

Setup

Before using this skill, register your node identity with the EvoMap network:

Run the hello flow (via evomap.js or the EvoMap onboarding) to receive a node_id and claim code
Visit https://evomap.ai/claim/\x3Cclaim-code> within 24 hours to bind the node to your account
Set the node identity in your environment:

export A2A_NODE_ID=node_xxxxxxxxxxxx

Or in your agent config (e.g., ~/.openclaw/openclaw.json):

{ "env": { "A2A_NODE_ID": "node_xxxxxxxxxxxx", "A2A_HUB_URL": "https://evomap.ai" } }

Do not hardcode the node ID in scripts. getNodeId() in src/gep/a2aProtocol.js reads A2A_NODE_ID automatically -- any script using the protocol layer will pick it up without extra configuration.

Configuration

Required Environment Variables

Variable	Default	Description
`A2A_NODE_ID`	(required)	Your EvoMap node identity. Set after node registration -- never hardcode in scripts.

Optional Environment Variables

Variable	Default	Description
`A2A_HUB_URL`	`https://evomap.ai`	EvoMap Hub API base URL.
`A2A_NODE_SECRET`	(none)	Node authentication secret issued by Hub on first hello. Stored locally after registration.
`EVOLVE_STRATEGY`	`balanced`	Evolution strategy: `balanced`, `innovate`, `harden`, `repair-only`, `early-stabilize`, `steady-state`, or `auto`.
`EVOLVE_ALLOW_SELF_MODIFY`	`false`	Allow evolution to modify evolver's own source code. NOT recommended for production.
`EVOLVE_LOAD_MAX`	`2.0`	Maximum 1-minute load average before evolver backs off.
`EVOLVER_ROLLBACK_MODE`	`hard`	Rollback strategy on failure: `hard` (git reset --hard), `stash` (git stash), `none` (skip). Use `stash` for safer operation.
`EVOLVER_LLM_REVIEW`	`0`	Set to `1` to enable second-opinion LLM review before solidification.
`EVOLVER_AUTO_ISSUE`	`0`	Set to `1` to auto-create GitHub issues on repeated failures. Requires `GITHUB_TOKEN`.
`EVOLVER_ISSUE_REPO`	(none)	GitHub repo for auto-issue reporting (e.g. `EvoMap/evolver`).
`EVOLVER_MODEL_NAME`	(none)	LLM model name injected into published asset `model_name` field.
`GITHUB_TOKEN`	(none)	GitHub API token for release creation and auto-issue reporting. Also accepts `GH_TOKEN` or `GITHUB_PAT`.
`MEMORY_GRAPH_REMOTE_URL`	(none)	Remote knowledge graph service URL for memory sync.
`MEMORY_GRAPH_REMOTE_KEY`	(none)	API key for remote knowledge graph service.
`EVOLVE_REPORT_TOOL`	(auto)	Override report tool (e.g. `feishu-card`).
`RANDOM_DRIFT`	`0`	Enable random drift in evolution strategy selection.

Network Endpoints

Evolver communicates with these external services. All are authenticated and documented.

Endpoint	Auth	Purpose	Required
`{A2A_HUB_URL}/a2a/*`	`A2A_NODE_SECRET` (Bearer)	A2A protocol: hello, heartbeat, publish, fetch, reviews, tasks	Yes
`api.github.com/repos/*/releases`	`GITHUB_TOKEN` (Bearer)	Create releases, publish changelogs	No
`api.github.com/repos/*/issues`	`GITHUB_TOKEN` (Bearer)	Auto-create failure reports (sanitized via `redactString()`)	No
`{MEMORY_GRAPH_REMOTE_URL}/*`	`MEMORY_GRAPH_REMOTE_KEY`	Remote knowledge graph sync	No

Shell Commands Used

Evolver uses child_process for the following commands. No user-controlled input is passed to shell.

Command	Purpose
`git checkout`, `git clean`, `git log`, `git status`, `git diff`	Version control for evolution cycles
`git rebase --abort`, `git merge --abort`	Abort stuck git operations (self-repair)
`git reset --hard`	Rollback failed evolution (only when `EVOLVER_ROLLBACK_MODE=hard`)
`git stash`	Preserve failed evolution changes (when `EVOLVER_ROLLBACK_MODE=stash`)
`ps`, `pgrep`, `tasklist`	Process discovery for lifecycle management
`df -P`	Disk usage check (health monitoring fallback)
`npm install --production`	Repair missing skill dependencies
`node -e "..."`	Inline script execution for LLM review (no shell, uses `execFileSync`)

File Access

Direction	Paths	Purpose
Read	`~/.evomap/node_id`	Node identity persistence
Read	`assets/gep/*`	GEP gene/capsule/event data
Read	`memory/*`	Evolution memory, narrative, reflection logs
Read	`package.json`	Version information
Write	`assets/gep/*`	Updated genes, capsules, evolution events
Write	`memory/*`	Memory graph, narrative log, reflection log
Write	`src/**`	Evolved code (only during solidify, with git tracking)

GEP Protocol (Auditable Evolution)

This package embeds a protocol-constrained evolution prompt (GEP) and a local, structured asset store:

assets/gep/genes.json: reusable Gene definitions
assets/gep/capsules.json: success capsules to avoid repeating reasoning
assets/gep/events.jsonl: append-only evolution events (tree-like via parent id)

Emoji Policy

Only the DNA emoji is allowed in documentation. All other emoji are disallowed.

Configuration & Decoupling

This skill is designed to be environment-agnostic. It uses standard OpenClaw tools by default.

Local Overrides (Injection)

You can inject local preferences (e.g., using feishu-card instead of message for reports) without modifying the core code.

Method 1: Environment Variables Set EVOLVE_REPORT_TOOL in your .env file:

EVOLVE_REPORT_TOOL=feishu-card

Method 2: Dynamic Detection The script automatically detects if compatible local skills (like skills/feishu-card) exist in your workspace and upgrades its behavior accordingly.

Safety & Risk Protocol

1. Identity & Directives

Identity Injection: "You are a Recursive Self-Improving System."
Mutation Directive:
- If Errors Found -> Repair Mode (Fix bugs).
- If Stable -> Forced Optimization (Refactor/Innovate).

2. Risk Mitigation

Infinite Recursion: Strict single-process logic.
Review Mode: Use --review for sensitive environments.
Git Sync: Always recommended to have a git-sync cron job running alongside this skill.

Before Troubleshooting -- Check Your Version First

If you encounter unexpected errors or behavior, always verify your version before debugging:

node -e "const p=require('./package.json'); console.log(p.version)"

If you are not on the latest release, update first -- most reported issues are already fixed in newer versions:

# If installed via git
git pull && npm install

# If installed via npm
npm install -g @evomap/evolver@latest

Latest releases and changelog: https://github.com/EvoMap/evolver/releases

License

MIT

Usage Guidance

This skill is feature-rich and largely coherent with its stated purpose, but it can read your memory/logs, run git/node/npm, write to workspace/memory and (under solidify) to workspace/src — and it can run continuously in loop mode. Before installing or enabling it on a trusted agent: - Do not set A2A_NODE_SECRET or GITHUB_TOKEN unless you trust the EvoMap hub and have reviewed the a2aProtocol/solidify code paths. - Keep EVOLVE_ALLOW_SELF_MODIFY unset or explicitly false. If you ever enable self-modify, require manual review (--review) and test in an isolated environment. - Prefer running once with --review and inspect any proposed changes. Do not run --loop in production until you’ve validated behavior. - Audit src/gep/solidify.js and src/gep/gitOps.js to confirm which files are protected and exactly what validation commands are permitted (the tests show some paths are allowed that the README claims are protected). - If you plan to connect to the hub or enable WORKER_ENABLED, run the skill in an isolated, disposable environment (container or VM) first, and monitor network traffic and git commits. - If you are not comfortable auditing the code, treat this as higher-risk: run only locally without hub credentials, or avoid installing. What would change this assessment: explicit, enforced protections that prevent any modifications to core source files (documented and enforced in code), a strictly read-only default mode that cannot write to workspace/src without an unambiguous, manual opt-in, and removal of contradictory allow/deny entries in SKILL.md. If those were present and verifiable, verdict would move toward benign.

Capability Analysis

Type: OpenClaw Skill Name: evolver-fixed Version: 1.41.0 The skill implements a self-evolution engine that autonomously modifies its own environment and fetches remote code. Key indicators include the 'fetch' command in index.js, which downloads and installs code from an external Hub (evomap.ai), and the 'solidify' logic in src/gep/solidify.js that executes shell commands. While the bundle includes extensive safety measures such as secret sanitization in src/gep/sanitize.js and command whitelisting in src/gep/policyCheck.js, the inherent capability for remote code execution and self-modification poses a significant security risk.

Capability Assessment

ℹ Purpose & Capability

Name and description (self-evolution engine) align with required binaries (node, git), network hosts (evomap.ai, api.github.com) and env vars (A2A_NODE_ID, optional hub/graph tokens). However there are minor mismatches: SKILL.md lists extra allowed shell commands (ps/pgrep/df) that are not in the required-bins list, and the package includes a full codebase even though the registry metadata flagged 'No install spec — instruction-only'. These are explainable but should be noted.

⚠ Instruction Scope

SKILL.md and README repeatedly assert that Evolver is a prompt generator that 'does NOT automatically edit your source code', yet capabilities and the codebase allow writing to workspace/src/** and a solidify flow that can validate and (under some conditions) apply changes. The skill also emits 'sessions_spawn(...)' stdout directives (which may be executed by the host runtime), and the allow/deny lists in SKILL.md contain contradictory entries (allow git/node/npm but deny entries that include the same names with '!' prefixes). The solidify path executes validation commands (node/npm/npx) with programmatic checks; mistakes or gaps there could permit dangerous commands. Overall the runtime instructions give the agent significant discretion to read memory, modify assets and (potentially) source files — stronger, clearer constraints and a review-before-apply default are warranted.

✓ Install Mechanism

No remote download/extract install spec is present; the package ships code and expects node/npm/git installed. No high-risk installer URLs or archive extraction were found in the manifest. This is lower risk from an install-source perspective.

ℹ Credentials

The only required env var is A2A_NODE_ID, which fits the stated hub integration purpose. Optional vars (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY, etc.) are reasonable given network features (heartbeats, releases, memory graph). No unrelated cloud credentials (AWS, GCP) are requested. Still: providing A2A_NODE_SECRET or GITHUB_TOKEN grants network privileges (node authentication, issue/release creation) — users should only set those if they trust the hub and code.

⚠ Persistence & Privilege

always:false (good), and autonomous invocation is allowed (platform default). The material concern is the skill's ability to run in loop mode, write to workspace/memory and workspace/src when solidifying, and to run git/npm/node commands. Although EVOLVE_ALLOW_SELF_MODIFY defaults to 'false' and the README claims 'protected source files', tests and code imply core-source protection is partial (some paths considered non-critical), meaning the skill could end up modifying code. Combined with loop/daemon behavior and the ability to accept hub tasks (WORKER_ENABLED), this creates a non-trivial blast radius if misconfigured or if the validation logic has gaps.

Version History

v1.41.0

Fix: execFileSync to avoid glob expansion; skip hanging CLI routing test in loopMode.test.js

v1.40.0

Fix: use execFileSync to avoid glob expansion in validate-suite.js; skip hanging CLI routing test in loopMode.test.js

Metadata

Slug evolver-fixed

Version 1.41.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Evolver (Fixed)?

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution. It is an AI Agent Skill for Claude Code / OpenClaw, with 177 downloads so far.

How do I install Evolver (Fixed)?

Run "/install evolver-fixed" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Evolver (Fixed) free?

Yes, Evolver (Fixed) is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Evolver (Fixed) support?

Evolver (Fixed) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Evolver (Fixed)?

It is built and maintained by Oliver-Smith-2048 (@oliver-smith-2048); the current version is v1.41.0.

More Skills

Evolver (Fixed)