功能描述

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

使用说明 (SKILL.md)

🧬 Capability Evolver

Name: Capability Evolver
Author: toller892

"Evolution is not optional. Adapt or die."

The Capability Evolver is a meta-skill that allows OpenClaw agents to inspect their own runtime history, identify failures or inefficiencies, and autonomously write new code or update their own memory to improve performance.

Features

Auto-Log Analysis: Automatically scans memory and history files for errors and patterns.
Self-Repair: Detects crashes and suggests patches.
GEP Protocol: Standardized evolution with reusable assets.
One-Command Evolution: Just run /evolve (or node index.js).

Usage

Standard Run (Automated)

Runs the evolution cycle. If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.

node index.js

Review Mode (Human-in-the-Loop)

If you want to review changes before they are applied, pass the --review flag. The agent will pause and ask for confirmation.

node index.js --review

Mad Dog Mode (Continuous Loop)

To run in an infinite loop (e.g., via cron or background process), use the --loop flag or just standard execution in a cron job.

node index.js --loop

Configuration

Environment Variable	Default	Description
`EVOLVE_ALLOW_SELF_MODIFY`	`false`	Allow evolution to modify evolver's own source code. NOT recommended for production. Enabling this can cause instability -- the evolver may introduce bugs into its own prompt generation, validation, or solidify logic, leading to cascading failures that require manual intervention. Only enable for controlled experiments.
`EVOLVE_LOAD_MAX`	`2.0`	Maximum 1-minute load average before evolver backs off.
`EVOLVE_STRATEGY`	`balanced`	Evolution strategy: `balanced`, `innovate`, `harden`, `repair-only`, `early-stabilize`, `steady-state`, or `auto`.

GEP Protocol (Auditable Evolution)

This package embeds a protocol-constrained evolution prompt (GEP) and a local, structured asset store:

assets/gep/genes.json: reusable Gene definitions
assets/gep/capsules.json: success capsules to avoid repeating reasoning
assets/gep/events.jsonl: append-only evolution events (tree-like via parent id)

Emoji Policy

Only the DNA emoji is allowed in documentation. All other emoji are disallowed.

Configuration & Decoupling

This skill is designed to be environment-agnostic. It uses standard OpenClaw tools by default.

Local Overrides (Injection)

You can inject local preferences (e.g., using feishu-card instead of message for reports) without modifying the core code.

Method 1: Environment Variables Set EVOLVE_REPORT_TOOL in your .env file:

EVOLVE_REPORT_TOOL=feishu-card

Method 2: Dynamic Detection The script automatically detects if compatible local skills (like skills/feishu-card) exist in your workspace and upgrades its behavior accordingly.

Safety & Risk Protocol

1. Identity & Directives

Identity Injection: "You are a Recursive Self-Improving System."
Mutation Directive:
- If Errors Found -> Repair Mode (Fix bugs).
- If Stable -> Forced Optimization (Refactor/Innovate).

2. Risk Mitigation

Infinite Recursion: Strict single-process logic.
Review Mode: Use --review for sensitive environments.
Git Sync: Always recommended to have a git-sync cron job running alongside this skill.

Before Troubleshooting -- Check Your Version First

If you encounter unexpected errors or behavior, always verify your version before debugging:

node -e "const p=require('./package.json'); console.log(p.version)"

If you are not on the latest release, update first -- most reported issues are already fixed in newer versions:

# If installed via git
git pull && npm install

# If installed via npm (global install)
npm install -g evolver@latest

Latest releases and changelog: https://github.com/autogame-17/evolver/releases

License

MIT

安全使用建议

This package is internally inconsistent and should not be trusted blindly. Key actions before installing or running: 1) Do not run in production or on a machine with secrets. Run only in an isolated test environment or container. 2) Inspect the missing src/ code: index.js requires ./src/* modules but the package manifest omitted them — ask the publisher for the complete source or fetch from a verified upstream. 3) Keep EVOLVE_ALLOW_SELF_MODIFY disabled (default false). Use --review mode when possible. 4) Ensure you have no sensitive values in .env or environment variables (GITHUB_TOKEN, GH_TOKEN, AWS_*, etc.) before running. 5) Review any Gene validation commands and scripts (solidify/skillDistiller/a2a scripts) before allowing promotion or running distillation/publishing flows. 6) Treat sessions_spawn stdout strings as potentially actionable if your host interprets stdout; confirm your runtime will not execute printed commands. 7) Prefer to only use this after obtaining the full source (including src/) from a verifiable origin (homepage/repo), and verifying that the behavior matches the documentation. If you cannot verify the missing files or provenance, do not install.

功能分析

Type: OpenClaw Skill Name: evolver-official Version: 1.20.4 The bundle describes a 'self-evolution engine' designed to allow AI agents to autonomously analyze logs, identify failures, and apply code patches. While the functionality is well-documented and includes a 'Security Model' section in README.md detailing command whitelisting (node/npm/npx), the skill possesses inherently high-risk capabilities. These include explicit self-modification (EVOLVE_ALLOW_SELF_MODIFY), a daemon mode in index.js that uses child_process.spawn to restart itself ('suicide check'), and the execution of validation commands. The use of 'Identity Injection' instructions in SKILL.md to define the agent as a 'Recursive Self-Improving System' is aligned with the tool's purpose but represents a significant attack surface for unintended autonomous behavior.

能力评估

⚠ Purpose & Capability

The skill says it is a protocol-constrained self-evolution engine (reads logs, emits prompts, optional review). That purpose would legitimately need access to local logs, assets/gep and optional publishing tokens. However: (1) index.js requires modules under ./src (e.g., ./src/evolve, ./src/gep/solidify, ./src/gep/a2aProtocol) but the package manifest does not include a src/ tree — this is an incoherence (missing implementation). (2) README and SKILL.md make contradictory claims: README states it does not edit code automatically, but the runtime and env var EVOLVE_ALLOW_SELF_MODIFY imply self-modification is supported. (3) The skill inspects workspace files and detects local skills, which is consistent with its meta-purpose but expands its access surface beyond what a simple 'analyze-only' skill would need.

⚠ Instruction Scope

SKILL.md and index.js instruct the agent to read memory/history files, assets/gep files, and .env (dotenv is loaded). The solidify flow (documented) runs validation commands from Genes (commands executed with node/npm/npx, but still executed). index.js also prints sessions_spawn(...) text to stdout; on some hosts that text may be interpreted/executed by the platform. The instructions therefore: read local secrets (.env), traverse workspace to detect other skills, run validation commands (shell child processes), write event/state files, and can restart itself — all broader than a narrow 'prompt generator' and not fully declared in registry metadata.

ℹ Install Mechanism

No install spec is provided (instruction-only), and package.json lists only dotenv as a dependency. That limits external download risk. However, because code expects src/ modules which are not present in the manifest, the package as distributed is incomplete — this could be a packaging error or a sign of tampering. No external URL downloads or extract operations are present in the provided files.

⚠ Credentials

Registry metadata lists no required env vars, but SKILL.md/README reference many environment variables (EVOLVE_ALLOW_SELF_MODIFY, EVOLVE_REPORT_TOOL, EVOLVE_STRATEGY, EVOLVER_* thresholds, GITHUB_TOKEN, GH_TOKEN, etc.). The skill loads .env at startup, which could expose sensitive tokens if .env contains them. The ability to run validation commands (and optional publishing flows) means GitHub tokens and similar could be used; those env references are not declared as required/primary credentials — a mismatch and proportionality concern.

⚠ Persistence & Privilege

always:false (good). But the skill is user-invocable and can be invoked autonomously by the agent (default behavior). Combined with: (a) ability to run in continuous loop and respawn itself, (b) writing lock/ state files (evolver.pid, memory/evolution_solidify_state.json, assets/...), (c) optional self-modify env toggle, and (d) executing validation commands from Genes, this grants it a persistent, active presence and significant ability to change local repo state if configured to do so. This is a powerful capability and should be limited to controlled environments.

版本历史

v1.20.4

Self-evolution engine for AI agents with GEP protocol, automated log analysis, and protocol-constrained improvements

元数据

Slug evolver-official

版本 1.20.4

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题