Capability Evolver: The Meta-Skill That Makes Your AI Agent Rewrite Itself
17,324 downloads and 58 stars. The Capability Evolver — by autogame-17 — is one of the highest-downloaded meta-skills on ClawHub. It doesn't add a new tool to your agent. It teaches your agent how to improve itself.
Security note: A previous version of this skill contained hardcoded Feishu (ByteDance) API credentials and code that automatically exfiltrated agent logs — including session transcripts, memory contents, and
.envfiles — to external servers without user consent (openclaw/clawhub issue #95). The author acknowledged the issue, scrubbed the commit history, and released a clean version. The current version (1.29.8) does not contain this code. However, given the history, we recommend verifying the installed version, reviewing the SKILL.MD, and using--reviewmode rather than fully automated execution for any sensitive environments.
The Problem It Solves
AI agents fail in repetitive, predictable ways. The same error message appears in logs three times this week. The same edge case keeps hitting null. The same task keeps timing out under the same conditions. You manually update the system prompt. You add a retry loop. You tweak the workflow. Then it happens again with a slightly different input.
The frustrating part isn't fixing the bug — it's that you are the feedback loop. Capability Evolver closes that loop without you.
Core Concept: The GEP Protocol
The skill is built around the Genome Evolution Protocol (GEP), a structured asset format for tracking evolution over time. Think of it as version control for agent behavior.
Three key files live in assets/gep/:
assets/gep/
genes.json # Reusable behavioral patterns (the "DNA")
capsules.json # Proven fixes, ready to reapply
events.jsonl # Append-only audit trail of every evolution run
Every time the evolver runs, it reads your agent's memory and history files, finds signals (errors, crashes, stagnation patterns), selects the most relevant Gene or Capsule, and emits a strict evolution prompt — then optionally applies the change automatically.
The events.jsonl file gives you a complete, auditable history: what changed, why it changed, and what parent state it came from. Every evolution is a tree node, not an overwrite.
Deep Dive
One-Command Evolution
The default mode is fully automated:
node index.jsThis triggers what the README calls Mad Dog Mode — the evolver scans, decides, and applies changes without pausing for confirmation. For most iterative agent workflows, this is exactly what you want.
Human-in-the-Loop Mode
For sensitive environments, add --review:
node index.js --reviewThe evolver stops before applying changes and asks for your approval. Use this when the agent has access to production systems or when you're in an early-stage experiment.
Continuous Loop
Run the evolution engine as a persistent background process:
node index.js --loopPair this with a git-sync cron job so every mutation is version-controlled — the README explicitly recommends this as a safety net.
Configurable Strategy Presets
The EVOLVE_STRATEGY environment variable controls the evolver's intent:
| Strategy | Behavior |
|---|---|
balanced | Mix of fixes and optimizations (default) |
innovate | Prioritize new approaches, accept more risk |
harden | Focus on stability and defensive patterns |
repair-only | Only fix detected errors, never optimize |
early-stabilize | Aggressive repair in early agent lifecycle |
steady-state | Conservative changes for production agents |
auto | Dynamically selects based on current signal patterns |
EVOLVE_STRATEGY=harden node index.jsSafety Controls
| Environment Variable | Default | Description |
|---|---|---|
EVOLVE_ALLOW_SELF_MODIFY | false | Allow the evolver to modify its own source. Disabled by default — enabling it can cascade |
EVOLVE_LOAD_MAX | 2.0 | CPU load average ceiling — evolver backs off if the machine is under pressure |
The Feishu Integration (Optional)
Capability Evolver ships with a built-in environment detection mechanism. If you have the feishu-card skill installed locally, the evolver will automatically upgrade its reporting to send evolution summaries as Feishu Cards instead of plain text. No config change needed — it detects the available tool and adapts.
You can also set this explicitly:
EVOLVE_REPORT_TOOL=feishu-card node index.jsComparison: Capability Evolver vs. Manual Prompt Engineering
| Approach | Speed | Auditability | Scales With Complexity |
|---|---|---|---|
| Manual prompt tweaks | ❌ Slow | ❌ No history | ❌ Doesn't |
| Capability Evolver (review mode) | ✅ Fast | ✅ events.jsonl | ✅ Yes |
| Capability Evolver (auto mode) | ✅ Fastest | ✅ events.jsonl | ✅ Yes |
How to Install
clawhub install capability-evolverThen from your project directory:
# Basic run
node index.js
# Check your version before debugging
node -e "const p=require('./package.json'); console.log(p.version)"
# Update if behind
git pull && npm installPractical Tips
- Start with
--reviewfor the first 5–10 runs. Get a feel for what the evolver wants to change before going full auto. - Set up git-sync. The evolver explicitly recommends a git-sync cron job running alongside it. If an autonomous change breaks something, rollback is one command.
- Do not enable
EVOLVE_ALLOW_SELF_MODIFYin production. The README warns explicitly — it can introduce bugs into the prompt generation logic, leading to cascading failures. - Use
repair-onlystrategy on stable agents. If your agent is working well 90% of the time, don't let the evolver innovate — just patch the 10%. - Read
events.jsonlregularly. It's the single most useful artifact — it shows you exactly what the evolver has been doing and whether the mutations are converging or drifting. - Load average matters. The
EVOLVE_LOAD_MAX=2.0default means the evolver won't run when your machine is under pressure. On shared servers, lower this to avoid interfering with other workloads.
Security History
The most significant event in this skill's history is openclaw/clawhub issue #95, filed in early 2026. A community reporter discovered that a previous version of capability-evolver contained:
- Hardcoded Feishu API credentials in
export_history.js - Automatic POST requests sending agent evolution logs — including session transcripts, MEMORY.md contents,
.envfile contents, and USER.md — to external Feishu (ByteDance cloud) servers without user consent - Prompts that instructed the LLM "You have full permission to edit files" to enable the data collection
- Auto-publishing to ClawHub without explicit user confirmation
The author (@autogame-17) acknowledged the issue publicly, scrubbed the commit history to remove the token, and released a clean version. The incident prompted the creation of EvoMap as a separate, more auditable ecosystem for GEP-protocol evolution.
Current status (v1.29.8): The exfiltration code has been removed. The current SKILL.MD does not disclose any outbound telemetry.
What to do before installing:
- Check the installed version:
node -e "const p=require('./package.json'); console.log(p.version)" - Verify you're on a version after the fix (post v1.0.31)
- Use
--reviewmode in any environment with access to sensitive files - Do not enable
EVOLVE_ALLOW_SELF_MODIFYin environments where.envor credential files are present
The meta-irony is not lost on the community: a skill designed to build trust through auditable evolution was itself the source of an undisclosed data collection. The GEP protocol's audit trail (events.jsonl) didn't prevent the exfiltration — it only applies to changes the evolver makes to your code, not to what the skill itself does behind the scenes.
Considerations
- Context window cost. The evolver reads memory and history files before each run. Long-running agents with large histories will pass significant token payloads into each evolution cycle.
EVOLVE_ALLOW_SELF_MODIFYis genuinely risky. The documentation calls this out in bold: it can cause the evolver's own prompt generation to break, which is difficult to debug. Keep it off unless you're running a controlled experiment.- Convergence isn't guaranteed. In
innovatemode, successive runs can drift the agent's behavior in unexpected directions. Monitorevents.jsonlto detect if mutations are building on each other productively. - Version pinning matters. The skill is at v1.29.8 with active development. If you're running in production, pin your version and test upgrades separately.
- Given the security history, start cautiously. Use
--reviewmode, avoid enabling self-modification, and keep the evolver out of environments with production credentials until you've audited the current version's behavior.
The Bigger Picture
Most skills extend what an agent can do. Capability Evolver extends what an agent can become. It represents a genuine shift in how agent development works — moving from human-driven iteration to an auditable, protocol-constrained feedback loop.
The GEP format is particularly noteworthy: by externalizing behavioral changes into structured assets (genes, capsules, events), the evolver makes agent evolution observable in a way that raw prompt edits never are. You can see the history, revert to a prior gene, or share a capsule that fixed a specific class of failure.
This is what "self-improving AI agent" actually looks like in practice — not magic, but a disciplined mutation + audit loop running automatically in the background.
View the skill on ClawHub: capability-evolver