← Back to Scanner

capability-evolver Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

capability-evolver is an AI agent skill, created by OpenClaw and published at autogame-17/capability-evolver. ClawSecure audited capability-evolver across 123 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 55 findings concentrate in ReDoS, Supply Chain and Malicious Code, including Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md. 14 were rated high or critical severity.

Is capability-evolver safe?

ClawSecure audited capability-evolver and assigned a security score of 0/100 (High Risk), identifying 55 findings across ReDoS and Supply Chain. Review the findings below before installing.

What did ClawSecure find in capability-evolver?

ClawSecure identified 55 findings in capability-evolver, concentrated in ReDoS, Supply Chain and Malicious Code. 14 were rated high or critical severity. The most severe include Attempts to access sensitive file: MEMORY.md and Attempts to access sensitive file: MEMORY.md.

How was capability-evolver audited?

ClawSecure ran capability-evolver through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 123 files from autogame-17/capability-evolver.

What does a score of 0 mean?

ClawSecure assigned capability-evolver a security score of 0/100, placing it in the High Risk range. This is driven by 55 findings led by ReDoS that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for capability-evolver

ClawSecure detected 55 security findings in capability-evolver, spanning ReDoS, Supply Chain, Malicious Code and Code Injection.

Showing the 12 highest-severity of 55 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for capability-evolver

Fix ReDoS-prone patterns
capability-evolver contains regular expressions vulnerable to catastrophic backtracking (ReDoS). Replace vulnerable patterns, bound input length, and prefer linear-time matching so a crafted input cannot hang the agent.
Update and pin dependencies
capability-evolver depends on packages with supply-chain risk. Pin every dependency to an exact version, update packages with known CVEs to patched releases, and re-audit after each change. ClawSecure checks every dependency against known CVE databases.
Audit external network connections
capability-evolver connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

80e3abb00251d455Score 0/10062ac696296b54aadScore 0/100capability-evolverScore 0/100capability-evolverScore 0/10062ac696296b54aadScore 0/100

Scanned on June 1, 2026. capability-evolver is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan