capability-evolver

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM

Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes validation commands defined in GEP Genes during the 'solidify' phase (src/gep/solidify.js). It implements a safety filter (isValidationCommandAllowed) that restricts execution to 'node', 'npm', and 'npx' commands, while explicitly blocking shell operators like ';', '|', and '&', as well as command substitutions.
  • [EXTERNAL_DOWNLOADS]: src/evolve.js contains an auto-update feature that uses the 'clawhub' CLI to download and install new versions of components. It also fetches evolution assets (Capsules and Genes) from remote hubs via the 'A2A_HUB_URL' environment variable.
  • [REMOTE_CODE_EXECUTION]: The Agent-to-Agent (A2A) protocol supported by the skill enables ingesting Genes from external sources. These Genes contain executable validation commands. Although promotion to the local store requires a manual '--validated' flag and the skill audits commands before promotion, it still establishes a mechanism for fetching and executing remote logic.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It extracts 'signals' and 'capability candidates' from session logs (src/gep/signals.js, src/gep/candidates.js). Malicious content or errors placed in chat logs could be parsed as signals, potentially leading the agent to perform unintended 'repairs' or 'innovations' on the codebase.
  • [DATA_EXFILTRATION]: Through the A2A protocol, the skill can broadcast evolution assets to a remote hub (A2A_HUB_URL). While src/gep/sanitize.js implements a redaction mechanism for secrets like API keys and local paths, any failure in these regex-based filters could result in sensitive data being sent to external infrastructure.
  • [COMMAND_EXECUTION]: Several operations modules (src/ops/lifecycle.js, src/ops/skills_monitor.js, src/ops/self_repair.js) use execSync and spawn to manage agent processes, perform git operations, and automatically run 'npm install' when missing dependencies are detected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 08:35 AM