← Back to Scanner

capability-evolver Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

capability-evolver is an AI agent skill, created by OpenClaw and published at autogame-17/capability-evolver. ClawSecure audited capability-evolver across 136 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 55 findings concentrate in ReDoS, Malicious Code and Code Injection, including Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md. 16 were rated high or critical severity.

Is capability-evolver safe?

ClawSecure audited capability-evolver and assigned a security score of 0/100 (High Risk), identifying 55 findings across ReDoS and Malicious Code. Review the findings below before installing.

What did ClawSecure find in capability-evolver?

ClawSecure identified 55 findings in capability-evolver, concentrated in ReDoS, Malicious Code and Code Injection. 16 were rated high or critical severity. The most severe include Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md.

How was capability-evolver audited?

ClawSecure ran capability-evolver through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 136 files from autogame-17/capability-evolver.

What does a score of 0 mean?

ClawSecure assigned capability-evolver a security score of 0/100, placing it in the High Risk range. This is driven by 55 findings led by ReDoS that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for capability-evolver

ClawSecure detected 55 security findings in capability-evolver, spanning ReDoS, Malicious Code, Code Injection and Permissions Manifest.

Showing the 12 highest-severity of 55 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for capability-evolver

Fix ReDoS-prone patterns
capability-evolver contains regular expressions vulnerable to catastrophic backtracking (ReDoS). Replace vulnerable patterns, bound input length, and prefer linear-time matching so a crafted input cannot hang the agent.
Audit external network connections
capability-evolver connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.
Eliminate dynamic code execution
capability-evolver evaluates code at runtime (for example eval or dynamic exec). Remove dynamic evaluation of untrusted input, and where code generation is unavoidable, sandbox it and validate every input.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

capability-evolverScore 0/100capability-evolverScore 0/100capability-evolverScore 0/100capability-evolverScore 0/100capability-evolverScore 0/100

Scanned on July 17, 2026. capability-evolver is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan