capability-evolver

Fail

Audited by Socket on Jun 15, 2026

40 alerts found:

Securityx10Obfuscated Filex23Malwarex2Anomalyx5
SecurityMEDIUM
src/gep/solidify.js
SecurityMEDIUM
src/proxy/trace/extractor.js
SecurityMEDIUM
src/evolve/pipeline/collect.js
SecurityMEDIUM
src/gep/memoryGraph.js
SecurityMEDIUM
src/gep/policyCheck.js
Obfuscated FileHIGH
src/evolve/guards.js

Suspicious due to very high obfuscation and direct use of execSync/command execution in an otherwise complex lock/throttling/git-repo automation module. No explicit network exfiltration is evident in this fragment, but the execSync sink makes the package materially risky in supply-chain contexts if any env/filesystem inputs can be influenced by an attacker. Further investigation should confirm the exact commands run and whether arguments are strictly constrained/sanitized by design.

Confidence: 90%
SecurityMEDIUM
src/evolve/pipeline/enrich.js
SecurityMEDIUM
src/gep/execBridge.js
SecurityMEDIUM
src/gep/autoDistillLlm.js
Obfuscated FileHIGH
src/gep/selector.js

In the provided (partially truncated) fragment, the code appears to be an obfuscated but primarily computation/selection module for scoring and choosing items based on input parameters. There are no visible malicious behaviors such as network exfiltration, file/process manipulation, credential access, eval/Function-based execution, or direct DOM/XSS sinks. The main risk signal is the heavy obfuscation, which complicates auditability; further context (full file, deobfuscated strings, and any other modules) is needed for higher confidence.

Confidence: 90%
Obfuscated FileHIGH
src/gep/personality.js

This appears to be an obfuscated internal logic module for computing/updating persona-like state and appending event history, including a custom string decoding helper and random-based state generation. The provided fragment does not show typical malware behaviors (no network exfiltration, no filesystem/process execution, no env/secret harvesting, no eval/Function usage). The main concern is the heavy obfuscation and custom decoder, which warrants review of surrounding files, but based on this snippet alone the likelihood of intentional malicious sabotage is low.

Confidence: 90%
Obfuscated FileHIGH
src/evolve/pipeline/dispatch.js

This module appears to be an “evolve/agent” automation step that reads persisted state and environment variables, runs git-related shell commands via execSync, constructs large prompts/metadata, and writes/logs artifacts and state. While there is no clear network exfiltration or direct malware behavior in the snippet, the combination of heavy obfuscation, dynamic execSync command execution, and extensive logging/artifact writing makes it a moderate supply-chain/security risk that warrants deeper review of command construction, downstream spawn/render functions, and whether secrets can be introduced via environment variables.

Confidence: 90%
Obfuscated FileHIGH
src/evolve/pipeline/select.js

In the provided fragment, the dominant behavior is obfuscated configuration building with console logging, error propagation, and an environment-variable-gated helper call for deduplication/signal-hint computation. There is no clear direct indicator of data theft, remote command execution, or network/file system abuse within the visible code. Nonetheless, strong obfuscation, dynamic require, and truncated context increase supply-chain risk and warrant deeper review of the full module and the dynamically loaded helper to confirm absence of covert side effects.

Confidence: 90%
MalwareHIGH
src/evolve.js

This module is an obfuscated agent/orchestrator that ingests local transcript/session data, builds prompt/session payloads, and then dispatches policy logic and executes external OS commands via child_process (execSync/execFile) using decoded and environment-driven configuration. Even though explicit network endpoints are not visible in this fragment, the combination of (a) intentional obfuscation, (b) subprocess execution capability, and (c) automation of maintenance/update-like steps and agent dispatch constitutes a substantial supply-chain security risk. Malware intent is plausible but cannot be definitively proven without inspecting the decoded command strings and the implementations of the imported dispatch/bridge/evolve modules.

Confidence: 60%Severity: 90%
Obfuscated FileHIGH
src/gep/recallInject.js

Within the provided fragment, there is no direct evidence of classic malware actions (no visible exfiltration, persistence, command execution, or filesystem damage). The primary security concern is supply-chain/audit risk: the module is heavily obfuscated and relies on dynamically required helper modules with runtime-computed specifiers, meaning critical behavior could be implemented elsewhere. Additionally, it returns constructed “inject/text” content and unescaped candidate metadata that could become a risk depending on downstream rendering.

Confidence: 90%
Obfuscated FileHIGH
src/gep/autoDistillConv.js

This module is a heavily obfuscated orchestrator for a distillation pipeline that executes a local child process with a largely inherited environment (process.env) and repo-root working directory, supplies computed stdinText, parses untrusted child output, and persists results via writeDis* helpers. No explicit outbound network/exfiltration is visible in this fragment, but the child execution + env propagation + persistence actions constitute a significant supply-chain security risk requiring review of the runChild/spawn wrapper, the exact child command/args selection, and any env/secret whitelisting. Malware intent is not definitively established from this snippet alone, but the risk posture is elevated.

Confidence: 90%
Obfuscated FileHIGH
src/gep/antiAbuseTelemetry.js

This fragment is an obfuscated fingerprinting/integrity-hash generator that derives environment/device pseudonyms and package/lockfile hashes, packaging them into telemetry-style “hub_risk” event objects with consent/policy metadata. While there is no visible network exfiltration or system compromise behavior in this code alone, the privacy-invasive fingerprinting and high obfuscation level make it a notable supply-chain risk component. Malware likelihood appears low based on the absence of execution/exfiltration primitives in the provided module, but security/privacy risk is moderate-to-high due to sensitive identity derivation and the likelihood of downstream reporting handled elsewhere in the package.

Confidence: 90%
MalwareHIGH
src/gep/hubVerify.js

This code is best characterized as an obfuscated, secret-bearing, agent-like client that conditionally exfiltrates structured local inputs to a configurable remote hub via authenticated HTTP POST (Bearer token) and uses crypto/HMAC signing plus response verification. It also persists/coordinates local state via filesystem and lock/throttle logic. The combination of obfuscation, secret handling, authenticated remote handshake, and local state coordination creates a significant supply-chain security concern. While the exact remote intent and payload schema are obscured, the network + secret + signing workflow is strongly indicative of potentially malicious telemetry/command-and-control capability.

Confidence: 60%Severity: 90%
Obfuscated FileHIGH
src/gep/recallVerifier.js

The module is highly obfuscated and implements a background “asset recall verification” pipeline that repeatedly calls an imported fetchAssetById and writes structured verification/telemetry payloads via writeMemoryGraphEvent, with optional debug logging controlled by environment variables. Within this fragment there is no direct evidence of classic malware behaviors (credentials, shells, filesystem tampering, explicit exfiltration domains), but the combination of (1) heavy obfuscation, (2) periodic network/IPC activity delegated to fetchAssetById, and (3) telemetry/persistence delegated to writeMemoryGraphEvent warrants security review of those dependencies and assessment of the sensitivity of the recorded “signals”.

Confidence: 90%
SecurityMEDIUM
src/gep/explore.js
Obfuscated FileHIGH
src/gep/conversationSniffer.js

This fragment implements an obfuscated, environment-gated “command/capability sniffing” detector that scans provided text for patterns associated with common developer/ops tooling and API usage, then persistently logs detections (including extracted snippets and sha256 hashes) to application-controlled files under an “evolution” directory. While the fragment does not show direct network exfiltration or active exploitation (e.g., eval/child_process), the stealthy obfuscation and disk-based telemetry collection create a meaningful security and privacy/compliance risk and should be reviewed in the context of how/why inputs are passed into it.

Confidence: 90%
Obfuscated FileHIGH
src/gep/hubReview.js

This code is a strongly obfuscated hub-reporting client that builds a JSON payload from workflow/evaluation inputs and transmits it to a remote endpoint derived from process.env.A2A_HUB_URL. It also performs filesystem side effects and logs run/action/asset identifiers. No overt exploit primitives are visible in the fragment, but the combination of stealthy obfuscation, environment-controlled remote destination, and direct inclusion of rich semantic data in an outbound request makes it a meaningful supply-chain security concern and warrants validation of the hub URL, endpoint path, and payload contents/redaction expectations.

Confidence: 90%
Obfuscated FileHIGH
src/gep/deviceId.js

This module is an obfuscated device fingerprinting/identifier utility. It derives a stable ID using environment overrides, cached local state, host/container signals, and (on some platforms) local command execution with regex parsing. It then hashes/validates and persists the identifier to disk. No direct network exfiltration or destructive malware behavior is evident in the provided fragment, but the combination of obfuscation + fingerprinting + long-lived local caching makes it a meaningful privacy/security supply-chain concern and warrants review of how the identifier is used elsewhere in the package ecosystem.

Confidence: 90%
Obfuscated FileHIGH
src/gep/hubFetch.js

This obfuscated module implements a hub/endpoint connection/agent selection layer for a Node.js client, with long-poll configuration and timeout-based networking. The clearest security concern is an explicit environment-controlled bypass (EVOMAP_HUB_ALLOW_INSECURE) that weakens endpoint validation. The excerpt does not show unambiguous malware actions (no filesystem/process control/exfiltration code visible), but the heavy obfuscation and security-bypass logic warrant review of resolved decoded strings, the actual outbound destinations, and call sites controlling endpoint/environment inputs.

Confidence: 90%
Obfuscated FileHIGH
src/gep/curriculum.js

Moderate supply-chain/security concern. The code is strongly obfuscated and performs direct local filesystem operations (exist/read/parse JSON, rename, write JSON). While the behavior resembles a local state cache/report generator (not clearly showing network exfiltration, crypto-mining, or code execution like eval/Function/spawn in the provided fragment), the concealment + file tampering potential could be used for sabotage (modifying what later steps consume). More context (the definitions of _0x38af25, _0x1dd5df, and the complete module) is needed to determine whether the actions are benign caching or malicious manipulation.

Confidence: 90%
Obfuscated FileHIGH
src/gep/openPRRegistry.js

No direct malicious behaviors (exfiltration, backdoor/persistence, credential theft, or destructive filesystem actions) are evident in this fragment. The primary security concern is that the module is heavily obfuscated and uses child_process.execSync to run an external Git/CLI command and parse its JSON output; this increases the review/containment need because any change to the decoded command content or taint sources in surrounding code could become high risk.

Confidence: 90%
Obfuscated FileHIGH
src/proxy/extensions/traceControl.js

This module primarily implements an environment-variable–driven SHA-256 verification gate combined with payload “trace/enable/key” flags to conditionally perform logger/store side effects and return ack/control objects. The code shows no explicit network exfiltration, filesystem modification, or shell execution in this fragment, but its extreme obfuscation (including non-deterministic decoder initialization) and opaque store/logger side effects elevate supply-chain audit risk. Malware likelihood from this snippet alone is moderate-low; the dominant risk is hidden/conditional behavior that should be reviewed alongside the store/logger implementations and surrounding package code.

Confidence: 90%
Obfuscated FileHIGH
src/gep/memoryGraphAdapter.js

This module is primarily an obfuscated HTTP client that transmits JSON-serialized application event/signal data to a remote “memory graph” service using fetch(). It authenticates by sending an Authorization header built from an environment-provided key. No clear evidence of direct malware (e.g., eval-based execution, file/process tampering, or reverse shells) appears in the provided fragment; however, the design inherently enables data exfiltration/telemetry to an external endpoint if deployment configuration is compromised or if the remote service is untrusted. Obfuscation and an unconfirmed regex-like pattern string further increase audit uncertainty. Overall, review the legitimacy of the remote endpoint, restrict/attest environment variables, and ensure payload contents are not sensitive beyond the service’s intended purpose.

Confidence: 90%
Obfuscated FileHIGH
src/gep/strategy.js

The fragment behaves like a heavily obfuscated runtime strategy/state selector. It exports configuration determined by environment variables and, under certain conditions, probes for the presence of particular files/directories to choose or validate a strategy. There is no clear in-fragment evidence of data theft, command execution, or network exfiltration. However, the combination of strong obfuscation, environment-/filesystem-conditioned branching, and truncated/undefined referenced helpers warrants review of the surrounding module for any hidden side effects (especially where the selected strategy is subsequently loaded/used).

Confidence: 90%
AnomalyLOW
src/gep/signals.js

Overall, the fragment behaves like a signal classifier with an embedded periodic telemetry-style exfiltration pathway: it transmits a truncated corpus summary to an authenticated remote hub via a system curl subprocess, then ingests and merges returned LLM signals. There is no clear evidence of overt malware/backdoor functionality in the provided code, but the security risk is moderate due to outbound network egress of user/session-derived content, Authorization bearer token handling, reliance on execFileSync('curl'), and process.env-influenced network attempt selection. Review hubUrl/auth configuration integrity, environment control, and data minimization/privacy expectations.

Confidence: 100%Severity: 60%
Obfuscated FileHIGH
src/gep/workspaceKeychain.js

This fragment is a heavily obfuscated Node.js wrapper that dynamically loads a native Entry/keychain-like provider and uses it to (1) check whether an entry/credential exists (returning availability and an id) and (2) set/update a password/secret using caller input. No explicit network exfiltration is visible in the fragment, but the secret-setting behavior plus dynamic loading and obfuscation make it a notable supply-chain security/audit concern. Additional review of the resolved native Entry provider is required to determine whether behavior is limited to secure storage operations or includes hidden/extra actions.

Confidence: 90%
SecurityMEDIUM
src/gep/narrativeMemory.js
Obfuscated FileHIGH
src/proxy/trace/usage.js

The snippet appears to be a (heavily obfuscated) token/usage metrics utility that parses newline-delimited JSON and aggregates numeric fields into a metrics object. The fragment does not show classic malware primitives such as network exfiltration, command execution, or dynamic code execution. However, the presence of synchronous local filesystem reads in an error/alternate path is a meaningful anomaly for a pure parsing utility and could enable unintended local file access depending on how the fallback file path and record source are constructed. Due to truncation/undefined context, the risk is best treated as “review-needed”: confirm whether the filesystem path is fully internal, whether it can be influenced by caller-controlled inputs, and what data sources feed the parsing loop.

Confidence: 90%
Obfuscated FileHIGH
src/gep/crypto.js

This module is best characterized as an obfuscated crypto/encoding support helper that extracts IV/payload segments from a Buffer and exports associated constants. The excerpt does not show overt malicious actions, but it contains strong obfuscation/anti-tamper-like constructs (dynamic RegExp + toString inspection, state mutation) and uses Math.random() in a cached derived routine—potentially unsafe if any resulting values contribute to cryptographic material. Review the full module and its downstream call sites to confirm whether randomness/decoded values influence keys/IVs and to verify correctness and determinism expectations.

Confidence: 90%
Obfuscated FileHIGH
src/proxy/inject.js

This fragment appears to be an obfuscated configuration builder that derives base/proxy/auth-related values from process.env and an input object, normalizes URL strings, conditionally overwrites fields on a config object, and exports the result for downstream use. No explicit malicious actions (exfiltration, command execution, eval, etc.) are visible here, so malware evidence is weak. The main concern is supply-chain/sabotage potential via environment-driven configuration (e.g., redirecting to attacker-controlled endpoints) combined with intentional obfuscation; deeper review of the full module and downstream consumers is needed.

Confidence: 90%
Obfuscated FileHIGH
src/gep/contentHash.js

This code fragment is best characterized as an obfuscated wrapper that dynamically resolves and re-exports schema/asset-id related utilities. It includes anti-analysis checks (RegExp.test on function source) and non-deterministic Math.random-based initialization that are atypical for straightforward canonicalization/ID verification libraries. No direct malicious actions (exfiltration, command execution, credential theft) are visible in the provided snippet, but the runtime-computed require path and heavy obfuscation materially increase supply-chain review risk and warrant resolving the computed require target and auditing the fully loaded module.

Confidence: 90%
AnomalyLOW
src/gep/idleScheduler.js

Overall, this module appears to be benign idle-time measurement and local scheduling state management across platforms. The primary security risk is not overt malware behavior, but the Windows implementation that writes and executes a generated PowerShell script with '-ExecutionPolicy Bypass' and Add-Type inline C#/P-Invoke. This increases the blast radius if an attacker can influence the execution environment or temp script handling. No clear exfiltration, credential theft, destructive actions, or hidden persistence are evident in the provided fragment.

Confidence: 100%Severity: 60%
AnomalyLOW
src/gep/validator/index.js

No explicit evidence of intentional malware, credential theft, or arbitrary third-party exfiltration is present in this module alone. The primary security risk is architectural: it executes remote hub-provided validation_commands via runInSandbox and then reports execution outcomes back to the Hub, so confidentiality/safety relies on strong sandbox isolation and careful report construction (especially around stdout/stderr). The provided snippet also contains blank/redacted sections, slightly reducing assurance about completeness. Recommended focus areas: review runInSandbox for escape resistance (process/network/filesystem/privilege restrictions), validate that reporter/buildReportPayload does not leak sensitive host data unnecessarily, and confirm hubUrl configuration cannot be attacker-controlled.

Confidence: 100%Severity: 60%
AnomalyLOW
src/adapters/hookAdapter.js

This file is a hook/script installer/uninstaller that performs sensitive filesystem operations: copying fixed local JS hook scripts into a destination directory and chmod’ing them to 0o755, and modifying configuration files (text and JSON) to add/remove managed sections. It includes a meaningful symlink-avoidance check for hook destinations, reducing redirection risk. However, the fragment omits critical path-validation and adapter logic (resolveConfigRoot/adapter.install-uninstall and full assertNotSymlink/assertSafeConfigDir), so the overall safety against path traversal/unsafe targets cannot be fully verified here. No direct malicious payload or exfiltration behavior is visible in this snippet alone.

Confidence: 100%Severity: 60%
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is largely coherent with its stated self-evolution purpose and uses same-org infrastructure, but its footprint is high-risk by design: self-modifying writes, shell execution, external task intake, and indirect outbound sync via a local proxy. No clear evidence of malware or deceptive credential harvesting, but the autonomy and data-flow model make it a materially risky skill.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 15, 2026, 06:33 AM
Package URL
pkg:socket/skills-sh/autogame-17%2Fevolver%2Fcapability-evolver%2F@f9b6f0dea5ac27df59e5b487f10407b0782ce1e5
Security Audit — socket — capability-evolver