← Back to Scanner

capability-evolver Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

capability-evolver is an AI agent skill, created by EvoMap <team@evomap.ai> and published at autogame-17/evolver. ClawSecure audited capability-evolver across 135 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 54 findings concentrate in ReDoS, Code Injection and Malicious Code, including Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md. 15 were rated high or critical severity.

Is capability-evolver safe?

ClawSecure audited capability-evolver and assigned a security score of 0/100 (High Risk), identifying 54 findings across ReDoS and Code Injection. Review the findings below before installing.

What did ClawSecure find in capability-evolver?

ClawSecure identified 54 findings in capability-evolver, concentrated in ReDoS, Code Injection and Malicious Code. 15 were rated high or critical severity. The most severe include Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md.

How was capability-evolver audited?

ClawSecure ran capability-evolver through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 135 files from autogame-17/evolver.

What does a score of 0 mean?

ClawSecure assigned capability-evolver a security score of 0/100, placing it in the High Risk range. This is driven by 54 findings led by ReDoS that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for capability-evolver

ClawSecure detected 54 security findings in capability-evolver, spanning ReDoS, Code Injection, Malicious Code and Permissions Manifest.

Showing the 12 highest-severity of 54 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for capability-evolver

Fix ReDoS-prone patterns
capability-evolver contains regular expressions vulnerable to catastrophic backtracking (ReDoS). Replace vulnerable patterns, bound input length, and prefer linear-time matching so a crafted input cannot hang the agent.
Eliminate dynamic code execution
capability-evolver evaluates code at runtime (for example eval or dynamic exec). Remove dynamic evaluation of untrusted input, and where code generation is unavoidable, sandbox it and validate every input.
Audit external network connections
capability-evolver connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

capability-evolverScore 0/100command-centerScore 0/100jira-read-ticketScore 10/100moltbookScore 0/100solid-agent-storageScore 15/100

Scanned on July 16, 2026. capability-evolver is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan