功能描述

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

使用说明 (SKILL.md)

🧬 Capability Evolver

Name: Evolver Local
Author: muguozi1

"Evolution is not optional. Adapt or die."

The Capability Evolver is a meta-skill that allows OpenClaw agents to inspect their own runtime history, identify failures or inefficiencies, and autonomously write new code or update their own memory to improve performance.

Features

Auto-Log Analysis: Automatically scans memory and history files for errors and patterns.
Self-Repair: Detects crashes and suggests patches.
GEP Protocol: Standardized evolution with reusable assets.
One-Command Evolution: Just run /evolve (or node index.js).

Usage

Standard Run (Automated)

Runs the evolution cycle. If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.

node index.js

Review Mode (Human-in-the-Loop)

If you want to review changes before they are applied, pass the --review flag. The agent will pause and ask for confirmation.

node index.js --review

Mad Dog Mode (Continuous Loop)

To run in an infinite loop (e.g., via cron or background process), use the --loop flag or just standard execution in a cron job.

node index.js --loop

Setup

Before using this skill, register your node identity with the EvoMap network:

Run the hello flow (via evomap.js or the EvoMap onboarding) to receive a node_id and claim code
Visit https://evomap.ai/claim/\x3Cclaim-code> within 24 hours to bind the node to your account
Set the node identity in your environment:

export A2A_NODE_ID=node_xxxxxxxxxxxx

Or in your agent config (e.g., ~/.openclaw/openclaw.json):

{ "env": { "A2A_NODE_ID": "node_xxxxxxxxxxxx", "A2A_HUB_URL": "https://evomap.ai" } }

Do not hardcode the node ID in scripts. getNodeId() in src/gep/a2aProtocol.js reads A2A_NODE_ID automatically -- any script using the protocol layer will pick it up without extra configuration.

Configuration

Required Environment Variables

Variable	Default	Description
`A2A_NODE_ID`	(required)	Your EvoMap node identity. Set after node registration -- never hardcode in scripts.

Optional Environment Variables

Variable	Default	Description
`A2A_HUB_URL`	`https://evomap.ai`	EvoMap Hub API base URL.
`A2A_NODE_SECRET`	(none)	Node authentication secret issued by Hub on first hello. Stored locally after registration.
`EVOLVE_STRATEGY`	`balanced`	Evolution strategy: `balanced`, `innovate`, `harden`, `repair-only`, `early-stabilize`, `steady-state`, or `auto`.
`EVOLVE_ALLOW_SELF_MODIFY`	`false`	Allow evolution to modify evolver's own source code. NOT recommended for production.
`EVOLVE_LOAD_MAX`	`2.0`	Maximum 1-minute load average before evolver backs off.
`EVOLVER_ROLLBACK_MODE`	`hard`	Rollback strategy on failure: `hard` (git reset --hard), `stash` (git stash), `none` (skip). Use `stash` for safer operation.
`EVOLVER_LLM_REVIEW`	`0`	Set to `1` to enable second-opinion LLM review before solidification.
`EVOLVER_AUTO_ISSUE`	`0`	Set to `1` to auto-create GitHub issues on repeated failures. Requires `GITHUB_TOKEN`.
`EVOLVER_ISSUE_REPO`	(none)	GitHub repo for auto-issue reporting (e.g. `EvoMap/evolver`).
`EVOLVER_MODEL_NAME`	(none)	LLM model name injected into published asset `model_name` field.
`GITHUB_TOKEN`	(none)	GitHub API token for release creation and auto-issue reporting. Also accepts `GH_TOKEN` or `GITHUB_PAT`.
`MEMORY_GRAPH_REMOTE_URL`	(none)	Remote knowledge graph service URL for memory sync.
`MEMORY_GRAPH_REMOTE_KEY`	(none)	API key for remote knowledge graph service.
`EVOLVE_REPORT_TOOL`	(auto)	Override report tool (e.g. `feishu-card`).
`RANDOM_DRIFT`	`0`	Enable random drift in evolution strategy selection.

Network Endpoints

Evolver communicates with these external services. All are authenticated and documented.

Endpoint	Auth	Purpose	Required
`{A2A_HUB_URL}/a2a/*`	`A2A_NODE_SECRET` (Bearer)	A2A protocol: hello, heartbeat, publish, fetch, reviews, tasks	Yes
`api.github.com/repos/*/releases`	`GITHUB_TOKEN` (Bearer)	Create releases, publish changelogs	No
`api.github.com/repos/*/issues`	`GITHUB_TOKEN` (Bearer)	Auto-create failure reports (sanitized via `redactString()`)	No
`{MEMORY_GRAPH_REMOTE_URL}/*`	`MEMORY_GRAPH_REMOTE_KEY`	Remote knowledge graph sync	No

Shell Commands Used

Evolver uses child_process for the following commands. No user-controlled input is passed to shell.

Command	Purpose
`git checkout`, `git clean`, `git log`, `git status`, `git diff`	Version control for evolution cycles
`git rebase --abort`, `git merge --abort`	Abort stuck git operations (self-repair)
`git reset --hard`	Rollback failed evolution (only when `EVOLVER_ROLLBACK_MODE=hard`)
`git stash`	Preserve failed evolution changes (when `EVOLVER_ROLLBACK_MODE=stash`)
`ps`, `pgrep`, `tasklist`	Process discovery for lifecycle management
`df -P`	Disk usage check (health monitoring fallback)
`npm install --production`	Repair missing skill dependencies
`node -e "..."`	Inline script execution for LLM review (no shell, uses `execFileSync`)

File Access

Direction	Paths	Purpose
Read	`~/.evomap/node_id`	Node identity persistence
Read	`assets/gep/*`	GEP gene/capsule/event data
Read	`memory/*`	Evolution memory, narrative, reflection logs
Read	`package.json`	Version information
Write	`assets/gep/*`	Updated genes, capsules, evolution events
Write	`memory/*`	Memory graph, narrative log, reflection log
Write	`src/**`	Evolved code (only during solidify, with git tracking)

GEP Protocol (Auditable Evolution)

This package embeds a protocol-constrained evolution prompt (GEP) and a local, structured asset store:

assets/gep/genes.json: reusable Gene definitions
assets/gep/capsules.json: success capsules to avoid repeating reasoning
assets/gep/events.jsonl: append-only evolution events (tree-like via parent id)

Emoji Policy

Only the DNA emoji is allowed in documentation. All other emoji are disallowed.

Configuration & Decoupling

This skill is designed to be environment-agnostic. It uses standard OpenClaw tools by default.

Local Overrides (Injection)

You can inject local preferences (e.g., using feishu-card instead of message for reports) without modifying the core code.

Method 1: Environment Variables Set EVOLVE_REPORT_TOOL in your .env file:

EVOLVE_REPORT_TOOL=feishu-card

Method 2: Dynamic Detection The script automatically detects if compatible local skills (like skills/feishu-card) exist in your workspace and upgrades its behavior accordingly.

Safety & Risk Protocol

1. Identity & Directives

Identity Injection: "You are a Recursive Self-Improving System."
Mutation Directive:
- If Errors Found -> Repair Mode (Fix bugs).
- If Stable -> Forced Optimization (Refactor/Innovate).

2. Risk Mitigation

Infinite Recursion: Strict single-process logic.
Review Mode: Use --review for sensitive environments.
Git Sync: Always recommended to have a git-sync cron job running alongside this skill.

Before Troubleshooting -- Check Your Version First

If you encounter unexpected errors or behavior, always verify your version before debugging:

node -e "const p=require('./package.json'); console.log(p.version)"

If you are not on the latest release, update first -- most reported issues are already fixed in newer versions:

# If installed via git
git pull && npm install

# If installed via npm
npm install -g @evomap/evolver@latest

Latest releases and changelog: https://github.com/EvoMap/evolver/releases

License

MIT

安全使用建议

This skill is plausible for a self-evolution engine but you should treat it as high-risk until you verify how you'll run it. Actionable checks before installing or running: - Run it only in an isolated sandbox or throwaway Git repository first; do not point it at your main production workspace. - Keep EVOLVE_ALLOW_SELF_MODIFY=false (default) and EVOLVER_AUTO_ISSUE=false while evaluating so it cannot autonomously modify its own source or open external GitHub issues. - Review src/gep/solidify.js and the implementation of isValidationCommandAllowed to confirm the claimed safety checks are actually enforced. If validation commands can contain shell operators or arbitrary exec, do NOT promote external Genes. - Because it connects to evomap.ai (hub) and can send evolution events and sanitized logs, audit exactly what is redacted and what is sent. If you cannot trust the remote hub, do not set A2A_NODE_SECRET or A2A_HUB_URL to a public/production endpoint. - Avoid providing GitHub or other high-scope tokens (GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY) until you confirm behavior and sanitization. Use least-privilege tokens (no repo write or limited scopes) if you must test integrations. - The SKILL.md contains contradictory allow/deny entries (e.g., deny includes "!git" etc.) — ask the publisher to clarify or correct these policy entries. If you want to proceed safely: fork the repo, review/modify the code to remove or limit network/modify behaviors, run in --review mode, and manually verify every promoted change before accepting. If you cannot audit the code (or do not want to), do not install this skill in any environment containing sensitive data or credentials.

功能分析

Type: OpenClaw Skill Name: evolver-local Version: 1.0.0 The bundle is a 'Capability Evolver' designed to allow AI agents to autonomously modify their own source code and execute shell commands for validation. While these high-risk behaviors are aligned with the stated purpose of self-improvement, they represent a significant attack surface (RCE by design). The implementation includes robust safety guardrails, such as a command whitelist in src/gep/solidify.js (restricting execution to node/npm/npx), a secret redaction layer in src/gep/sanitize.js to prevent credential exfiltration to the EvoMap Hub (evomap.ai), and file protection logic to prevent the agent from deleting its own core engine. Per the instructions, the presence of meaningful high-risk capabilities—even when plausibly needed for the stated purpose—warrants a suspicious classification.

能力评估

ℹ Purpose & Capability

The name and description (self-evolution engine) align with the declared requirements: Node and Git are reasonable, and contacting an EvoMap hub (evomap.ai) fits the described A2A protocol. The large codebase and assets (genes/capsules) are consistent with a non-trivial evolution engine. Minor mismatch: registry metadata called this 'instruction-only' but a full code bundle (77 files) is included — not inherently malicious but inconsistent with the 'instruction-only' label and worth noting.

⚠ Instruction Scope

SKILL.md and the code instruct the agent to read runtime history, write evolution artifacts, and (critically) may write to workspace/src/** when changes are 'solidified' — i.e., it can modify local source. The runtime model also runs git commands (checkout/clean) and can execute validation commands declared in Genes. The SKILL.md declares network and shell permissions; however some allow/deny entries are contradictory (deny lists containing negated forms like "!git", "!api.github.com") which is confusing and may indicate misconfiguration. The skill also reads a local node id (~/.evomap/node_id) and will contact the EvoMap hub — making it capable of transmitting history/logs and evolution events off-host. These behaviors are coherent with the skill's purpose but broaden the attack/exfiltration surface and deserve review.

✓ Install Mechanism

No external download/install spec is present; all code is bundled in the skill. That reduces supply-chain risk compared to arbitrary network installs. The code does use child_process spawn/execSync (git, node, spawn) which is expected for this tool. There are no remote archive downloads in the manifest.

ℹ Credentials

Only one required env var is declared in registry metadata (A2A_NODE_ID), and SKILL.md lists additional optional variables (A2A_NODE_SECRET, GITHUB_TOKEN, MEMORY_GRAPH_REMOTE_KEY) that match claimed features (hub auth, GitHub issue filing, remote KG). This is proportionate to the stated functionality. Caveats: optional tokens (GITHUB_TOKEN, NODE_SECRET, MEMORY_GRAPH_REMOTE_KEY) enable operations that transmit data or create external issues; the user should not provide high-privilege tokens to an untrusted instance and should review defaults like EVOLVER_AUTO_ISSUE and EVOLVE_ALLOW_SELF_MODIFY before enabling.

⚠ Persistence & Privilege

The skill can run as a persistent daemon (--loop) and has built-in self-restart behavior (spawning detached children). It writes persistent files (e.g., evolver.pid, workspace/memory/**, workspace/assets/**) and can modify workspace/src/** when evolutions are 'solidified' (though EVOLVE_ALLOW_SELF_MODIFY defaults to "false"). While not forcibly 'always: true', the capability to run indefinitely, spawn detached processes, and modify local source increases its privilege and potential blast radius if misconfigured or malicious.

版本历史

v1.0.0

Initial release of capability-evolver: a self-evolution engine for AI agents. - Enables agents to analyze their own runtime history and autonomously improve by writing new code or updating memory. - Supports multiple evolution strategies and rollback modes, configurable via environment variables. - Integrates with EvoMap network for registration, authentication, review, and publishing. - Provides automated error detection, self-repair, and standardized evolution workflows (GEP protocol). - Includes options for human-in-the-loop review, continuous (looped) evolution, and auto-issue creation on GitHub. - Offers detailed configuration for process management, memory handling, and external integrations.

元数据

Slug evolver-local

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题

Evolver Local 是什么？

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 351 次。

如何安装 Evolver Local？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install evolver-local」即可一键安装，无需额外配置。

Evolver Local 是免费的吗？

是的，Evolver Local 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Evolver Local 支持哪些平台？

Evolver Local 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Evolver Local？

由 muguozi1（@muguozi1）开发并维护，当前版本 v1.0.0。

Evolver Local