← Back to Skills Marketplace
351
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install evolver-local
Description
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.
README (SKILL.md)
🧬 Capability Evolver
"Evolution is not optional. Adapt or die."
The Capability Evolver is a meta-skill that allows OpenClaw agents to inspect their own runtime history, identify failures or inefficiencies, and autonomously write new code or update their own memory to improve performance.
Features
- Auto-Log Analysis: Automatically scans memory and history files for errors and patterns.
- Self-Repair: Detects crashes and suggests patches.
- GEP Protocol: Standardized evolution with reusable assets.
- One-Command Evolution: Just run
/evolve(ornode index.js).
Usage
Standard Run (Automated)
Runs the evolution cycle. If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.
node index.js
Review Mode (Human-in-the-Loop)
If you want to review changes before they are applied, pass the --review flag. The agent will pause and ask for confirmation.
node index.js --review
Mad Dog Mode (Continuous Loop)
To run in an infinite loop (e.g., via cron or background process), use the --loop flag or just standard execution in a cron job.
node index.js --loop
Setup
Before using this skill, register your node identity with the EvoMap network:
- Run the hello flow (via
evomap.jsor the EvoMap onboarding) to receive anode_idand claim code - Visit
https://evomap.ai/claim/\x3Cclaim-code>within 24 hours to bind the node to your account - Set the node identity in your environment:
export A2A_NODE_ID=node_xxxxxxxxxxxx
Or in your agent config (e.g., ~/.openclaw/openclaw.json):
{ "env": { "A2A_NODE_ID": "node_xxxxxxxxxxxx", "A2A_HUB_URL": "https://evomap.ai" } }
Do not hardcode the node ID in scripts. getNodeId() in src/gep/a2aProtocol.js reads A2A_NODE_ID automatically -- any script using the protocol layer will pick it up without extra configuration.
Configuration
Required Environment Variables
| Variable | Default | Description |
|---|---|---|
A2A_NODE_ID |
(required) | Your EvoMap node identity. Set after node registration -- never hardcode in scripts. |
Optional Environment Variables
| Variable | Default | Description |
|---|---|---|
A2A_HUB_URL |
https://evomap.ai |
EvoMap Hub API base URL. |
A2A_NODE_SECRET |
(none) | Node authentication secret issued by Hub on first hello. Stored locally after registration. |
EVOLVE_STRATEGY |
balanced |
Evolution strategy: balanced, innovate, harden, repair-only, early-stabilize, steady-state, or auto. |
EVOLVE_ALLOW_SELF_MODIFY |
false |
Allow evolution to modify evolver's own source code. NOT recommended for production. |
EVOLVE_LOAD_MAX |
2.0 |
Maximum 1-minute load average before evolver backs off. |
EVOLVER_ROLLBACK_MODE |
hard |
Rollback strategy on failure: hard (git reset --hard), stash (git stash), none (skip). Use stash for safer operation. |
EVOLVER_LLM_REVIEW |
0 |
Set to 1 to enable second-opinion LLM review before solidification. |
EVOLVER_AUTO_ISSUE |
0 |
Set to 1 to auto-create GitHub issues on repeated failures. Requires GITHUB_TOKEN. |
EVOLVER_ISSUE_REPO |
(none) | GitHub repo for auto-issue reporting (e.g. EvoMap/evolver). |
EVOLVER_MODEL_NAME |
(none) | LLM model name injected into published asset model_name field. |
GITHUB_TOKEN |
(none) | GitHub API token for release creation and auto-issue reporting. Also accepts GH_TOKEN or GITHUB_PAT. |
MEMORY_GRAPH_REMOTE_URL |
(none) | Remote knowledge graph service URL for memory sync. |
MEMORY_GRAPH_REMOTE_KEY |
(none) | API key for remote knowledge graph service. |
EVOLVE_REPORT_TOOL |
(auto) | Override report tool (e.g. feishu-card). |
RANDOM_DRIFT |
0 |
Enable random drift in evolution strategy selection. |
Network Endpoints
Evolver communicates with these external services. All are authenticated and documented.
| Endpoint | Auth | Purpose | Required |
|---|---|---|---|
{A2A_HUB_URL}/a2a/* |
A2A_NODE_SECRET (Bearer) |
A2A protocol: hello, heartbeat, publish, fetch, reviews, tasks | Yes |
api.github.com/repos/*/releases |
GITHUB_TOKEN (Bearer) |
Create releases, publish changelogs | No |
api.github.com/repos/*/issues |
GITHUB_TOKEN (Bearer) |
Auto-create failure reports (sanitized via redactString()) |
No |
{MEMORY_GRAPH_REMOTE_URL}/* |
MEMORY_GRAPH_REMOTE_KEY |
Remote knowledge graph sync | No |
Shell Commands Used
Evolver uses child_process for the following commands. No user-controlled input is passed to shell.
| Command | Purpose |
|---|---|
git checkout, git clean, git log, git status, git diff |
Version control for evolution cycles |
git rebase --abort, git merge --abort |
Abort stuck git operations (self-repair) |
git reset --hard |
Rollback failed evolution (only when EVOLVER_ROLLBACK_MODE=hard) |
git stash |
Preserve failed evolution changes (when EVOLVER_ROLLBACK_MODE=stash) |
ps, pgrep, tasklist |
Process discovery for lifecycle management |
df -P |
Disk usage check (health monitoring fallback) |
npm install --production |
Repair missing skill dependencies |
node -e "..." |
Inline script execution for LLM review (no shell, uses execFileSync) |
File Access
| Direction | Paths | Purpose |
|---|---|---|
| Read | ~/.evomap/node_id |
Node identity persistence |
| Read | assets/gep/* |
GEP gene/capsule/event data |
| Read | memory/* |
Evolution memory, narrative, reflection logs |
| Read | package.json |
Version information |
| Write | assets/gep/* |
Updated genes, capsules, evolution events |
| Write | memory/* |
Memory graph, narrative log, reflection log |
| Write | src/** |
Evolved code (only during solidify, with git tracking) |
GEP Protocol (Auditable Evolution)
This package embeds a protocol-constrained evolution prompt (GEP) and a local, structured asset store:
assets/gep/genes.json: reusable Gene definitionsassets/gep/capsules.json: success capsules to avoid repeating reasoningassets/gep/events.jsonl: append-only evolution events (tree-like via parent id)
Emoji Policy
Only the DNA emoji is allowed in documentation. All other emoji are disallowed.
Configuration & Decoupling
This skill is designed to be environment-agnostic. It uses standard OpenClaw tools by default.
Local Overrides (Injection)
You can inject local preferences (e.g., using feishu-card instead of message for reports) without modifying the core code.
Method 1: Environment Variables
Set EVOLVE_REPORT_TOOL in your .env file:
EVOLVE_REPORT_TOOL=feishu-card
Method 2: Dynamic Detection
The script automatically detects if compatible local skills (like skills/feishu-card) exist in your workspace and upgrades its behavior accordingly.
Safety & Risk Protocol
1. Identity & Directives
- Identity Injection: "You are a Recursive Self-Improving System."
- Mutation Directive:
- If Errors Found -> Repair Mode (Fix bugs).
- If Stable -> Forced Optimization (Refactor/Innovate).
2. Risk Mitigation
- Infinite Recursion: Strict single-process logic.
- Review Mode: Use
--reviewfor sensitive environments. - Git Sync: Always recommended to have a git-sync cron job running alongside this skill.
Before Troubleshooting -- Check Your Version First
If you encounter unexpected errors or behavior, always verify your version before debugging:
node -e "const p=require('./package.json'); console.log(p.version)"
If you are not on the latest release, update first -- most reported issues are already fixed in newer versions:
# If installed via git
git pull && npm install
# If installed via npm
npm install -g @evomap/evolver@latest
Latest releases and changelog: https://github.com/EvoMap/evolver/releases
License
MIT
Usage Guidance
This skill is plausible for a self-evolution engine but you should treat it as high-risk until you verify how you'll run it. Actionable checks before installing or running:
- Run it only in an isolated sandbox or throwaway Git repository first; do not point it at your main production workspace.
- Keep EVOLVE_ALLOW_SELF_MODIFY=false (default) and EVOLVER_AUTO_ISSUE=false while evaluating so it cannot autonomously modify its own source or open external GitHub issues.
- Review src/gep/solidify.js and the implementation of isValidationCommandAllowed to confirm the claimed safety checks are actually enforced. If validation commands can contain shell operators or arbitrary exec, do NOT promote external Genes.
- Because it connects to evomap.ai (hub) and can send evolution events and sanitized logs, audit exactly what is redacted and what is sent. If you cannot trust the remote hub, do not set A2A_NODE_SECRET or A2A_HUB_URL to a public/production endpoint.
- Avoid providing GitHub or other high-scope tokens (GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY) until you confirm behavior and sanitization. Use least-privilege tokens (no repo write or limited scopes) if you must test integrations.
- The SKILL.md contains contradictory allow/deny entries (e.g., deny includes "!git" etc.) — ask the publisher to clarify or correct these policy entries.
If you want to proceed safely: fork the repo, review/modify the code to remove or limit network/modify behaviors, run in --review mode, and manually verify every promoted change before accepting. If you cannot audit the code (or do not want to), do not install this skill in any environment containing sensitive data or credentials.
Capability Analysis
Type: OpenClaw Skill
Name: evolver-local
Version: 1.0.0
The bundle is a 'Capability Evolver' designed to allow AI agents to autonomously modify their own source code and execute shell commands for validation. While these high-risk behaviors are aligned with the stated purpose of self-improvement, they represent a significant attack surface (RCE by design). The implementation includes robust safety guardrails, such as a command whitelist in src/gep/solidify.js (restricting execution to node/npm/npx), a secret redaction layer in src/gep/sanitize.js to prevent credential exfiltration to the EvoMap Hub (evomap.ai), and file protection logic to prevent the agent from deleting its own core engine. Per the instructions, the presence of meaningful high-risk capabilities—even when plausibly needed for the stated purpose—warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The name and description (self-evolution engine) align with the declared requirements: Node and Git are reasonable, and contacting an EvoMap hub (evomap.ai) fits the described A2A protocol. The large codebase and assets (genes/capsules) are consistent with a non-trivial evolution engine. Minor mismatch: registry metadata called this 'instruction-only' but a full code bundle (77 files) is included — not inherently malicious but inconsistent with the 'instruction-only' label and worth noting.
Instruction Scope
SKILL.md and the code instruct the agent to read runtime history, write evolution artifacts, and (critically) may write to workspace/src/** when changes are 'solidified' — i.e., it can modify local source. The runtime model also runs git commands (checkout/clean) and can execute validation commands declared in Genes. The SKILL.md declares network and shell permissions; however some allow/deny entries are contradictory (deny lists containing negated forms like "!git", "!api.github.com") which is confusing and may indicate misconfiguration. The skill also reads a local node id (~/.evomap/node_id) and will contact the EvoMap hub — making it capable of transmitting history/logs and evolution events off-host. These behaviors are coherent with the skill's purpose but broaden the attack/exfiltration surface and deserve review.
Install Mechanism
No external download/install spec is present; all code is bundled in the skill. That reduces supply-chain risk compared to arbitrary network installs. The code does use child_process spawn/execSync (git, node, spawn) which is expected for this tool. There are no remote archive downloads in the manifest.
Credentials
Only one required env var is declared in registry metadata (A2A_NODE_ID), and SKILL.md lists additional optional variables (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY) that match claimed features (hub auth, GitHub issue filing, remote KG). This is proportionate to the stated functionality. Caveats: optional tokens (GITHUB_TOKEN, NODE_SECRET, MEMORY_GRAPH_REMOTE_KEY) enable operations that transmit data or create external issues; the user should not provide high-privilege tokens to an untrusted instance and should review defaults like EVOLVER_AUTO_ISSUE and EVOLVE_ALLOW_SELF_MODIFY before enabling.
Persistence & Privilege
The skill can run as a persistent daemon (--loop) and has built-in self-restart behavior (spawning detached children). It writes persistent files (e.g., evolver.pid, workspace/memory/**, workspace/assets/**) and can modify workspace/src/** when evolutions are 'solidified' (though EVOLVE_ALLOW_SELF_MODIFY defaults to "false"). While not forcibly 'always: true', the capability to run indefinitely, spawn detached processes, and modify local source increases its privilege and potential blast radius if misconfigured or malicious.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install evolver-local - After installation, invoke the skill by name or use
/evolver-local - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of capability-evolver: a self-evolution engine for AI agents.
- Enables agents to analyze their own runtime history and autonomously improve by writing new code or updating memory.
- Supports multiple evolution strategies and rollback modes, configurable via environment variables.
- Integrates with EvoMap network for registration, authentication, review, and publishing.
- Provides automated error detection, self-repair, and standardized evolution workflows (GEP protocol).
- Includes options for human-in-the-loop review, continuous (looped) evolution, and auto-issue creation on GitHub.
- Offers detailed configuration for process management, memory handling, and external integrations.
Metadata
Frequently Asked Questions
What is Evolver Local?
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution. It is an AI Agent Skill for Claude Code / OpenClaw, with 351 downloads so far.
How do I install Evolver Local?
Run "/install evolver-local" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Evolver Local free?
Yes, Evolver Local is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Evolver Local support?
Evolver Local is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Evolver Local?
It is built and maintained by muguozi1 (@muguozi1); the current version is v1.0.0.
More Skills