功能描述

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.

使用说明 (SKILL.md)

🧬 Capability Evolver

Name: Evolver Repo
Author: wuzimaki

"Evolution is not optional. Adapt or die."

The Capability Evolver is a meta-skill that allows OpenClaw agents to inspect their own runtime history, identify failures or inefficiencies, and autonomously write new code or update their own memory to improve performance.

Features

Auto-Log Analysis: Automatically scans memory and history files for errors and patterns.
Self-Repair: Detects crashes and suggests patches.
GEP Protocol: Standardized evolution with reusable assets.
One-Command Evolution: Just run /evolve (or node index.js).

Usage

Standard Run (Automated)

Runs the evolution cycle. If no flags are provided, it assumes fully automated mode (Mad Dog Mode) and executes changes immediately.

node index.js

Review Mode (Human-in-the-Loop)

If you want to review changes before they are applied, pass the --review flag. The agent will pause and ask for confirmation.

node index.js --review

Mad Dog Mode (Continuous Loop)

To run in an infinite loop (e.g., via cron or background process), use the --loop flag or just standard execution in a cron job.

node index.js --loop

Configuration

Environment Variable	Default	Description
`EVOLVE_ALLOW_SELF_MODIFY`	`false`	Allow evolution to modify evolver's own source code. NOT recommended for production. Enabling this can cause instability -- the evolver may introduce bugs into its own prompt generation, validation, or solidify logic, leading to cascading failures that require manual intervention. Only enable for controlled experiments.
`EVOLVE_LOAD_MAX`	`2.0`	Maximum 1-minute load average before evolver backs off.
`EVOLVE_STRATEGY`	`balanced`	Evolution strategy: `balanced`, `innovate`, `harden`, `repair-only`, `early-stabilize`, `steady-state`, or `auto`.

GEP Protocol (Auditable Evolution)

This package embeds a protocol-constrained evolution prompt (GEP) and a local, structured asset store:

assets/gep/genes.json: reusable Gene definitions
assets/gep/capsules.json: success capsules to avoid repeating reasoning
assets/gep/events.jsonl: append-only evolution events (tree-like via parent id)

Emoji Policy

Only the DNA emoji is allowed in documentation. All other emoji are disallowed.

Configuration & Decoupling

This skill is designed to be environment-agnostic. It uses standard OpenClaw tools by default.

Local Overrides (Injection)

You can inject local preferences (e.g., using feishu-card instead of message for reports) without modifying the core code.

Method 1: Environment Variables Set EVOLVE_REPORT_TOOL in your .env file:

EVOLVE_REPORT_TOOL=feishu-card

Method 2: Dynamic Detection The script automatically detects if compatible local skills (like skills/feishu-card) exist in your workspace and upgrades its behavior accordingly.

Safety & Risk Protocol

1. Identity & Directives

Identity Injection: "You are a Recursive Self-Improving System."
Mutation Directive:
- If Errors Found -> Repair Mode (Fix bugs).
- If Stable -> Forced Optimization (Refactor/Innovate).

2. Risk Mitigation

Infinite Recursion: Strict single-process logic.
Review Mode: Use --review for sensitive environments.
Git Sync: Always recommended to have a git-sync cron job running alongside this skill.

Before Troubleshooting -- Check Your Version First

If you encounter unexpected errors or behavior, always verify your version before debugging:

node -e "const p=require('./package.json'); console.log(p.version)"

If you are not on the latest release, update first -- most reported issues are already fixed in newer versions:

# If installed via git
git pull && npm install

# If installed via npm (global install)
npm install -g evolver@latest

Latest releases and changelog: https://github.com/autogame-17/evolver/releases

License

MIT

安全使用建议

This repo is functionally what it claims (a self‑evolver), but it carries substantial power and a few inconsistencies. Before installing or running it: 1) Treat .env and any repo secrets as sensitive — the code loads .env automatically and may use tokens like GITHUB_TOKEN if set. 2) Do not enable EVOLVE_ALLOW_SELF_MODIFY in production; keep it false for experiments. 3) Run first in review mode (--review) and in an isolated sandbox/container with no access to sensitive repos or credentials. 4) Audit src/gep/solidify.js and the Gene validation handling — validation commands may be restricted to node/npm/npx but those can still run arbitrary JS. 5) If you will use A2A ingestion/export, require strict manual validation before promoting external Genes/Capsules (the scripts require --validated for promotion). 6) Ensure Git is available and you understand the repo will call git; back up the repository and enable git hooks/branch protection if you plan to let it modify code. 7) If you need lower risk, remove/disable A2A transports and any publishing paths (GITHUB_TOKEN), and run only the analysis/reporting parts. If you want me to, I can scan the specific solidify.js and a2aProtocol implementations for the exact validation/transport logic and surface any code paths that would execute arbitrary remote commands.

功能分析

Type: OpenClaw Skill Name: evolver-repo Version: 1.0.0 The OpenClaw AgentSkills skill bundle is classified as 'suspicious' due to its inherent capabilities for self-modification, execution of shell commands, and network communication, despite robust security measures. Key indicators include `solidify.js` executing `node`, `npm`, or `npx` commands from Gene validation steps, `evolve.js` outputting `sessions_spawn` commands for potential host execution, and `a2aProtocol.js` communicating with an external 'EvoMap Hub'. While the project demonstrates strong security intent through features like `sanitize.js` (redacting sensitive data), `isValidationCommandAllowed` (whitelisting and sanitizing commands), `isCriticalProtectedPath` (preventing core file modification), and strict prompt injection defenses in `prompt.js`, these powerful capabilities necessitate a 'suspicious' classification rather than 'benign' due to their high-risk nature if safeguards were to fail or be bypassed.

能力评估

ℹ Purpose & Capability

The repo implements a self‑evolution engine consistent with the name/description (log analysis, genes/capsules, solidify flow). However the registry metadata claimed no required binaries/env yet README and code require Git and Node >=18 and optionally use GITHUB_TOKEN/GH_TOKEN for publishing. That mismatch (registry says 'none' while the project expects Git and may use release tokens) is an incoherence to surface.

⚠ Instruction Scope

SKILL.md and index.js instruct running node index.js (loop or review modes). At runtime the code reads repository files, memory/logs, .env (via dotenv), runs git commands, and can execute validation commands (via solidify) taken from Genes/Capsules when promoted. The a2a scripts and protocol call getTransport().send(...) allowing external asset exchange. These behaviors go beyond a narrow 'analyze only' scope and grant broad file/system access and the ability to execute code derived from assets — risky without strict operational controls.

✓ Install Mechanism

There is no remote install step or external download in the registry spec; the package is shipped with full source files and a small dependency (dotenv). No extract-from-URL installs were observed. This is lower install-time risk, but the code itself will be written to disk and executed when installed.

⚠ Credentials

The skill declares no required envs, but SKILL.md and code read many optional environment variables (EVOLVE_ALLOW_SELF_MODIFY, EVOLVE_REPORT_TOOL, EVOLVE_STRATEGY, A2A_* variables, and publishing vars such as GITHUB_TOKEN/GH_TOKEN). The code loads .env automatically. Access to arbitrary .env/GitHub tokens and to the repository (git commands) is disproportionate relative to the minimal registry declaration and increases the risk of secret exposure or unintended publishing/actions.

ℹ Persistence & Privilege

always:false (so not force‑installed). The skill can run as a long‑running daemon, create lockfiles, spawn child processes for self‑restart, and (if enabled) apply changes to the codebase. EVOLVE_ALLOW_SELF_MODIFY defaults to false, which limits autonomous self‑editing by default, but turning it on grants the skill high privilege to alter its own source and run validation commands. Autonomous invocation combined with external asset ingestion and validation execution increases blast radius if misused.

版本历史

v1.0.0

Initial release of capability-evolver, a self-evolution engine for AI agents. - Enables agents to analyze runtime history, detect errors or inefficiencies, and autonomously evolve via code updates or memory changes. - Supports automated evolution, human-in-the-loop review mode, and continuous operation. - Introduces protocol-constrained evolution (GEP) with structured asset storage and event logging. - Environment-agnostic with support for local tool overrides and dynamic skill detection. - Includes safety protocols, risk mitigation features, and strong version management guidance.

元数据

Slug evolver-repo

版本 1.0.0

许可证 —

累计安装 5

当前安装数 5

历史版本数 1

常见问题

Evolver Repo 是什么？

A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 812 次。

如何安装 Evolver Repo？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install evolver-repo」即可一键安装，无需额外配置。

Evolver Repo 是免费的吗？

是的，Evolver Repo 完全免费（开源免费），可自由下载、安装和使用。

Evolver Repo 支持哪些平台？

Evolver Repo 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Evolver Repo？

由 WuZiMaKi（@wuzimaki）开发并维护，当前版本 v1.0.0。

Evolver Repo