capability-evolver

SUSPICIOUS. The core behavior—autonomous self-evolution via log/history analysis followed by immediate code or memory changes—is high-risk and disproportionate for a general skill, even if openly described. Install provenance is partly coherent, but the npm naming mismatch and unpinned update paths add supply-chain uncertainty. Main concern is autonomous self-modification and continuous operation, not confirmed malware.