← Back to Scanner

capability-evolver Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

capability-evolver is an AI agent skill, created by EvoMap <team@evomap.ai> and published at autogame-17/evolver. ClawSecure audited capability-evolver across 93 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 36 findings concentrate in ReDoS, Malicious Code and Code Injection, including Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md. 7 were rated high or critical severity.

Is capability-evolver safe?

ClawSecure audited capability-evolver and assigned a security score of 0/100 (High Risk), identifying 36 findings across ReDoS and Malicious Code. Review the findings below before installing.

What did ClawSecure find in capability-evolver?

ClawSecure identified 36 findings in capability-evolver, concentrated in ReDoS, Malicious Code and Code Injection. 7 were rated high or critical severity. The most severe include Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md.

How was capability-evolver audited?

ClawSecure ran capability-evolver through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 93 files from autogame-17/evolver.

What does a score of 0 mean?

ClawSecure assigned capability-evolver a security score of 0/100, placing it in the High Risk range. This is driven by 36 findings led by ReDoS that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for capability-evolver

ClawSecure detected 36 security findings in capability-evolver, spanning ReDoS, Malicious Code, Code Injection and Permissions Manifest.

Showing the 12 highest-severity of 36 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for capability-evolver

Fix ReDoS-prone patterns
capability-evolver contains regular expressions vulnerable to catastrophic backtracking (ReDoS). Replace vulnerable patterns, bound input length, and prefer linear-time matching so a crafted input cannot hang the agent.
Audit external network connections
capability-evolver connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.
Eliminate dynamic code execution
capability-evolver evaluates code at runtime (for example eval or dynamic exec). Remove dynamic evaluation of untrusted input, and where code generation is unavoidable, sandbox it and validate every input.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

capability-evolverScore 0/100capability-evolverScore 0/10062ac696296b54aadScore 0/1006bc837afc1a86e89Score 0/100understand-anythingScore 0/100

Scanned on April 17, 2026. capability-evolver is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan