capability-evolver

Fail

Audited by Socket on Jul 3, 2026

42 alerts found:

Obfuscated Filex23Securityx8Malwarex6Anomalyx5
Obfuscated FileHIGH
src/gep/skillDistiller.js

No explicit malicious primitives (reverse shell, network exfiltration, credential theft, or command execution) are visible in the provided fragment. However, the code is strongly obfuscated with a runtime string decoder and uses dynamic require for downstream behavior, while performing high-impact filesystem writes and optionally invoking a publisher module. This combination elevates supply-chain risk and should be verified by inspecting the referenced helper/publisher modules and the exact path-construction logic to rule out path traversal, arbitrary file overwrite, or unintended external publishing.

Confidence: 90%
SecurityMEDIUM
src/gep/solidify.js
Obfuscated FileHIGH
src/gep/prompt.js

This module fragment is strongly obfuscated and dynamically constructs its exported interface via computed property names. No direct malicious runtime actions (network/exec/fs/credential theft/eval) are visible in the shown portion, but the concealment pattern is consistent with supply-chain payload wrappers. Review the complete file(s) to inspect the actual implementations of the exported handlers for dangerous API usage and unintended side effects.

Confidence: 90%
Obfuscated FileHIGH
src/gep/policyCheck.js

Overall, the fragment most closely resembles a defensive/sandbox/policy enforcement layer that scans repository changes and blocks clearly dangerous command-injection/eval patterns while producing violation/warning reports. However, it is heavily obfuscated, includes an environment-controlled “self-modify” capability toggle, and—critically—contains an OS-level command execution interface (constructed `node "..."` with cwd/timeout). Even with apparent defensive heuristics, these characteristics elevate supply-chain risk: a validation bypass, mis-parsing, or permissive mode could turn the module into a tool for executing attacker-influenced scripts. From the provided fragment alone, classic malware behaviors like exfiltration/reverse shells are not evidenced, but the execution capability prevents a “low risk” conclusion.

Confidence: 90%
Obfuscated FileHIGH
src/gep/selector.js

Overall, this fragment appears to be a deliberately obfuscated, in-memory selection/scoring algorithm with optional randomized drift. The most concrete security-relevant concerns visible are (a) dynamic RegExp construction from computed/normalized inputs (potential ReDoS/logic manipulation if patterns are attacker-influenced) and (b) heavy runtime string decoding/indirection that conceals constants and control flow. No explicit network/filesystem/process/credential theft behavior is present in the shown code; therefore overt malware is not confirmed from this fragment alone, but supply-chain scrutiny is warranted due to the level of obfuscation.

Confidence: 90%
Obfuscated FileHIGH
src/evolve/pipeline/hub.js

This fragment implements an obfuscated, environment-driven worker that selects/claims tasks and orchestrates validator/hub/council flows, including question/issue generation and feature-flag writes. No explicit malware primitives (e.g., reverse shell, credential theft, direct exfiltration endpoints, destructive filesystem/process actions) are evident in the shown code, but the heavy obfuscation and dynamic require usage significantly reduce auditability and increase supply-chain risk. Treat as medium-to-high review priority pending inspection of the dynamically loaded helper modules and any network-capable helpers they invoke.

Confidence: 90%
SecurityMEDIUM
src/gep/hubSearch.js
MalwareHIGH
src/gep/memoryGraph.js

This code fragment is strongly indicative of covert telemetry/exfiltration behavior. It pulls an authenticated hub destination from environment/config, builds complex “signals/predictions” payloads, performs local filesystem reads/path processing, and transmits the resulting structured data over HTTP via fetch with an Authorization header. Heavy obfuscation, conditional dynamic require(...), and broad exception swallowing further support malicious or at least non-transparent intent. Treat the dependency as potentially malicious and verify by inspecting network egress and filesystem access at runtime; remove/disable if not strictly required.

Confidence: 72%Severity: 82%
MalwareHIGH
src/evolve/pipeline/collect.js

High-risk behavior is present in this fragment. The code is heavily obfuscated, executes OS commands via child_process.execSync (including configurable integration/status command execution), and reads/parses/writes local transcript/session/state data and then packages host/local information into agent-visible prompt/report strings. Even without visible network calls here, the combination strongly suggests potential privacy leakage and host manipulation risk, warranting isolation/review (e.g., sandbox execution and strict env hardening).

Confidence: 64%Severity: 80%
SecurityMEDIUM
src/evolve.js
MalwareHIGH
src/evolve/guards.js

The provided module is an obfuscated Node.js worker/controller that coordinates agent sessions using lock files/TTL and makes run-vs-backoff decisions based on environment-configured thresholds, local persisted state, and subprocess outputs from git and host process enumeration (ps/grep). While the excerpt does not show direct network exfiltration or explicit malware payload delivery, the combination of heavy obfuscation and execSync with shell pipelines is a significant supply-chain security concern. The most critical risk to verify in the full package is whether any executed command strings are influenced by untrusted input and whether additional (not shown) behaviors perform downloads, persistence, or data exfiltration.

Confidence: 60%Severity: 78%
MalwareHIGH
src/gep/execBridge.js

This module is a high-risk, supply-chain-relevant execution orchestrator: it is heavily obfuscated, dynamically decodes operational strings, spawns/terminates external processes with environment-influenced command lines, and maintains an iterative cycle/proof/status state machine via local JSON files. While network exfiltration is not evidenced in the shown fragment, the execution framework and control-plane exposure make malicious or unwanted behavior plausible and warrant deep review of the full package (including what binaries/scripts are invoked and any postinstall/install hooks).

Confidence: 82%Severity: 90%
SecurityMEDIUM
src/gep/autoDistillLlm.js
SecurityMEDIUM
src/gep/autoDistillConv.js
Obfuscated FileHIGH
src/gep/hubFetch.js

This module behaves like an obfuscated long-poll/streaming HTTP client for a specific “Hub” service. It performs outbound network requests, reads and decodes streaming responses, parses returned data, and wraps errors with response-derived snippets that may be logged. There is no direct evidence in this fragment of classic malware actions (filesystem damage, process execution, reverse shell, or hardcoded attacker-controlled exfil domains). The primary supply-chain concerns are (1) very high intentional obfuscation and (2) an explicit “allow insecure” configuration that can relax URL validation/safety. Overall risk is moderate: it should be reviewed in context for permitted destinations, default environment values, and whether the consumer logs error bodySnippet content.

Confidence: 90%
Obfuscated FileHIGH
src/evolve/pipeline/signals.js

The provided module fragment is strongly obfuscated and shows environment-gated debug/task logging plus parsing/formatting of command-like objects containing 'cmd' and 'stderr'. While the excerpt does not explicitly reveal network exfiltration, credential theft, or direct child_process execution, the combination of obfuscation, dynamic module loading, suppressed errors, and command-like handling is a meaningful supply-chain risk indicator that warrants full-file review for subprocess invocation, external I/O, persistence, and any hidden execution paths.

Confidence: 90%
MalwareHIGH
src/evolve/pipeline/dispatch.js

Overall, this module fragment is highly obfuscated and appears to construct and pass an action/script-like payload (containing spawn-like and delete/cleanup-like substrings) into an orchestration/runner helper, alongside environment-variable gated logging of internal prompt/context (“thought process”). Even though the exact execution APIs are not visible in this snippet, the indirect command-generation + runner invocation pattern and sensitive console output indicate elevated supply-chain security risk. Immediate deeper review of the full file and the downstream helper/runner implementations is warranted before use.

Confidence: 62%Severity: 78%
Obfuscated FileHIGH
src/gep/recallInject.js

No direct evidence of overt malware (e.g., reverse shell, explicit network exfiltration, credential theft, filesystem damage, eval/Function-based execution) is visible in the provided fragment. However, the snippet shows meaningful security concerns: a likely catastrophic-backtracking regex pattern that can enable ReDoS/availability attacks, and dynamic runtime require with computed path fragments that increases supply-chain/sideloading risk and hides potential side effects in external helpers. Highest assurance requires reviewing the dynamically required helper modules and confirming how/where the regex is applied and whether any logging helpers perform external communication.

Confidence: 90%
Obfuscated FileHIGH
src/gep/recallVerifier.js

This module appears to implement an obfuscated, environment-gated verification/“recall” workflow: it periodically fetches remote asset data, computes/verifies hashes/IDs, and records structured telemetry events via writeMemoryGraphEvent. Within the provided fragment there is no direct evidence of shell execution, credential harvesting, or explicit malicious outbound endpoints. The main security concern is supply-chain/audit risk from heavy obfuscation/dynamic require targets plus persistent background behavior and emission of identifiers/hashes/timestamps to an opaque sink whose transport/storage could be networked and privacy-sensitive. A full risk determination requires reviewing fetchAssetById and writeMemoryGraphEvent implementations and their outbound destinations/logging behavior.

Confidence: 90%
SecurityMEDIUM
src/gep/explore.js
Obfuscated FileHIGH
src/gep/conversationDistiller.js

The provided fragment is strongly obfuscated and clearly performs conditional persistence (upsert-like datastore writes) of evaluation results and execution context data, including an environment fingerprint and execution_trace. While the snippet does not show classic malware behaviors (no visible reverse shell, filesystem damage, credential theft, or network exfiltration), the combination of obfuscation, metadata/fingerprint collection, and database persistence is a meaningful security and privacy review concern. Exact risk depends on the unseen origins/content of execution_trace/env_fingerprint and the datastore destination and schema, which are not present in this fragment.

Confidence: 90%
Obfuscated FileHIGH
src/gep/hubVerify.js

Overall, this module fragment looks like intentionally obfuscated verification/anti-tamper gating code: it is environment-controlled, reads a locally persisted numeric state, compares it with Date.now() using hardcoded thresholds, and returns offline/ok/remaining-style status objects. No direct malware primitives (credential theft, command execution, or explicit exfiltration calls) are visible in the provided excerpt. However, the heavy obfuscation, silent error swallowing, and the presence of an online/hub concept (A2A_HUB_URL + exported online verification function) mean the network side of the module cannot be confirmed as benign from this fragment alone. Recommend reviewing the full file for actual network destinations/calls and any persistence behavior beyond the local timing state.

Confidence: 90%
Obfuscated FileHIGH
src/gep/antiAbuseTelemetry.js

This fragment implements an anti-abuse/integrity telemetry generator: it fingerprints runtime environment variables and system characteristics, computes SHA-256 hashes of local project artifacts (package metadata/lockfiles/entry-related files), and returns an obfuscatedly-constructed JSON event containing salted pseudonymous device identifiers and integrity hashes. No direct malicious actions (network exfiltration, command execution, or file writes) are visible in the shown code; however, the combination of strong fingerprinting/correlation capability, explicit anti-abuse telemetry semantics, and heavy obfuscation/dynamic wiring elevates privacy and supply-chain risk depending on how downstream modules transmit or store the resulting payload.

Confidence: 90%
Obfuscated FileHIGH
src/gep/deviceId.js

This module is primarily focused on generating and persisting a stable device/host identifier: it prefers EVOMAP_DEVICE_ID, otherwise extracts an IOPlatformUUID-like hardware identifier using execFileSync and regex parsing or falls back to a cached file. It then writes the identifier to disk for reuse. While the snippet does not show direct data exfiltration, the combination of heavy obfuscation, local command execution for fingerprinting, silent error suppression, and on-disk persistence is consistent with tracking/fingerprinting and should be reviewed under privacy/security expectations. Malware behavior (data theft or C2) cannot be confirmed from this fragment alone.

Confidence: 90%
Obfuscated FileHIGH
src/proxy/extensions/traceControl.js

Moderate supply-chain risk: the fragment shows deliberate obfuscation and secret-key dependent verification (Buffer-based crypto/integrity-like gating using process.env-derived key material). That combination can be legitimate (license/signature validation) but is also a common pattern in tamper-resistance or policy-bypass mechanisms. No explicit network/filesystem/spawn activity is visible in the provided fragment, yet the actual cryptographic primitive is opaque and store interactions/logging may have side effects; full-file review and dynamic analysis of the obfuscated verification routine are recommended.

Confidence: 90%
Obfuscated FileHIGH
src/gep/hubReview.js

This module primarily performs obfuscated outbound HTTP(S) submission of a JSON payload that includes run/action/asset identifiers and additional metadata, with AbortController-based timeout handling. It logs success/error details and forwards them to an internal callback, including error/status-derived information in failure paths. No classic malware primitives (eval/Function, filesystem/process execution, reverse shells) are visible in the fragment, but the heavy obfuscation and telemetry-like reporting pattern present a meaningful supply-chain risk: if the endpoint/fields are unexpected, this code could be used to exfiltrate identifiers and error context to an external service.

Confidence: 90%
Obfuscated FileHIGH
src/gep/openPRRegistry.js

The fragment implements CI-style PR deduplication by shelling out to a local command, parsing its stdout as JSON, and then performing set-based overlap scoring with caching and env-var gating. No direct evidence of data theft or network exfiltration is visible. However, the combination of heavy obfuscation and a subprocess execution sink is a meaningful supply-chain risk: reviewers should verify the exact invoked command and confirm that no untrusted caller/env input can alter command arguments to execute unintended behavior.

Confidence: 90%
SecurityMEDIUM
src/gep/memoryGraphAdapter.js
Obfuscated FileHIGH
src/gep/learningSignals.js

From the provided fragment, the code is a highly obfuscated rule/classification module that decodes embedded strings at runtime (with non-deterministic `Math.random()` involvement) and then applies extensive regex keyword gating to input-derived text to decide which internal handlers to invoke. No explicit network/filesystem/process/credential-exfiltration behaviors are visible in this fragment, but the dispatch targets are not shown; therefore actual side effects cannot be confirmed. The combination of strong obfuscation, runtime string concealment, and hidden handler dispatch yields a potentially elevated supply-chain security risk that warrants reviewing the full module and the implementations of the invoked handler functions.

Confidence: 90%
Obfuscated FileHIGH
src/gep/strategy.js

This module is strongly obfuscated and performs environment-variable-controlled strategy selection while dynamically loading and parsing local resources from paths computed using __dirname. While the snippet does not explicitly show eval/network/process execution, the combination of obfuscation, dynamic local loading, silent error swallowing, and environment-driven control flow is consistent with supply-chain sabotage or hidden behavior. Additional code (the dynamic loader helpers and any loaded “strategy/evolution” modules) is required for high-confidence malware assessment.

Confidence: 90%
MalwareHIGH
src/evolve/utils.js

This fragment implements an obfuscated local-harvesting capability: it resolves a user-specific “cursor transcript/message” directory (APPDATA/home or an environment override), enumerates candidate files, reads their contents, parses newline-delimited JSON records, and returns extracted data plus metadata to the caller via exported functions. While network exfiltration is not demonstrated in the snippet, the strong intent indicators (targeted local artifact harvesting + obfuscation + extensibility via env var) make it a high supply-chain security risk and warrants deeper inspection of the rest of the package for any transmission or persistence logic.

Confidence: 66%Severity: 84%
Obfuscated FileHIGH
src/gep/candidateEval.js

The provided fragment is strongly indicative of intentional obfuscation (opaque predicate via regex over function.toString(), large embedded string-array indirection, memoization of computed outputs). However, within the visible code, there are no explicit malware behaviors (no network/file/process/credential/execution primitives observed). Given truncation, malicious activity cannot be fully excluded, but the current evidence supports a medium security risk primarily due to obfuscation and hidden intent rather than demonstrated harmful actions.

Confidence: 90%
Obfuscated FileHIGH
src/gep/envFingerprint.js

This module is primarily a heavily obfuscated telemetry/fingerprinting component: it collects environment-selected model/region data, host OS and runtime identifiers, container/device identifiers, and a local JSON-derived client/version, then returns all of it to the caller. It also constructs a command/shell-like string from the collected metadata, suggesting a downstream use pattern beyond simple logging. In the provided fragment there is no explicit network exfiltration or execution, so overt malware cannot be confirmed here; nonetheless, the combination of obfuscation + host fingerprinting + command-like formatting warrants elevated supply-chain scrutiny in the surrounding code that consumes the returned fields/string.

Confidence: 90%
Obfuscated FileHIGH
src/proxy/inject.js

This module is best characterized as an obfuscated proxy/routing configuration controller. It reads enable/disable settings from environment variables, uses local helper functions to resolve proxy URL and token/API-key-like values, normalizes/validates them, and then directly mutates the provided env/config object to set proxy/auth and credential fields (including an auth flag set to '1'). While the fragment shows no direct exfiltration or execution, the combination of strong obfuscation, environment credential propagation, and proxy credential handling creates a meaningful supply-chain risk that warrants reviewing the imported local helper module and any downstream HTTP client usage.

Confidence: 90%
Obfuscated FileHIGH
src/gep/epigenetics.js

The provided fragment is strongly consistent with intentionally obfuscated/paked JavaScript that initializes internal logic and sets up CommonJS exports using runtime-decoded/computed property names. No explicit malicious actions (network exfiltration, filesystem/process control, credential harvesting) are visible in the truncated portion, so malware intent is unconfirmed. Treat as suspicious and analyze the complete file—especially the code behind the instantiated constructor and the exported members—for any network/IO or dynamic execution behaviors.

Confidence: 90%
SecurityMEDIUM
src/gep/workspaceKeychain.js
AnomalyLOW
src/gep/issueReporter.js

This fragment implements automated diagnostic triage and GitHub issue filing. It shows no clear indicators of overt malware/backdoors or obfuscated malicious payloads. The main security concern is potential data leakage: it uploads environment/runtime fingerprinting and a (truncated/redacted) session-log excerpt and recent failure diagnostics to GitHub via authenticated REST API calls. Risk depends heavily on the implementations of redactString() and captureEnvFingerprint() and on whether those may still include sensitive secrets.

Confidence: 62%Severity: 60%
AnomalyLOW
src/gep/idleScheduler.js

Overall, this module appears to be benign idle-time measurement and local scheduling state management across platforms. The primary security risk is not overt malware behavior, but the Windows implementation that writes and executes a generated PowerShell script with '-ExecutionPolicy Bypass' and Add-Type inline C#/P-Invoke. This increases the blast radius if an attacker can influence the execution environment or temp script handling. No clear exfiltration, credential theft, destructive actions, or hidden persistence are evident in the provided fragment.

Confidence: 62%Severity: 52%
Obfuscated FileHIGH
src/gep/contentHash.js

From the provided code fragment alone, the dominant behavior is obfuscated initialization followed by a dynamic require of an @evomap scoped module and re-export of schema/canonicalization/asset-id verification utilities. No explicit malicious actions (network, filesystem, process, credential theft) are visible in this snippet, but the heavy obfuscation plus runtime-computed require specifier are significant supply-chain review signals. The actual imported entrypoint and any side effects elsewhere in the full package/module graph should be verified during dependency auditing.

Confidence: 90%
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is largely coherent with its stated self-evolution purpose and uses same-org infrastructure, but its footprint is high-risk by design: self-modifying writes, shell execution, external task intake, and indirect outbound sync via a local proxy. No clear evidence of malware or deceptive credential harvesting, but the autonomy and data-flow model make it a materially risky skill.

Confidence: 81%Severity: 66%
AnomalyLOW
src/adapters/codex.js

No direct malicious behavior (no network/exfiltration, no secrets, no eval/child_process) is present in this module. However, it is an installer that wires a future execution pathway: it copies hook JavaScript files into a project directory and registers fixed node commands that an external orchestrator will later execute. If the source scripts (under evolverRoot/src/adapters) or helper functions are compromised or unsafe (e.g., insufficient path validation/overwrite controls), this module could indirectly enable arbitrary code execution in the consuming environment. Overall risk is moderate and depends on supply-chain trust boundaries for the copied hook scripts and ./hookAdapter implementations.

Confidence: 62%Severity: 52%
AnomalyLOW
src/adapters/claudeCode.js

This fragment primarily performs local installation/uninstallation wiring for a Claude Code integration: it copies Node hook scripts into a local hooks directory and writes .claude/settings.json entries that define 'command' hooks for lifecycle events. While this file contains no direct network/exfiltration or obvious malicious logic, it creates a powerful execution pathway in the host application. The overall risk is therefore moderate and hinges on the unseen helper functions (path/command safety) and the contents of the copied hook scripts.

Confidence: 62%Severity: 56%
Audit Metadata
Analyzed At
Jul 3, 2026, 10:54 PM
Package URL
pkg:socket/skills-sh/EvoMap%2Fevolver%2Fcapability-evolver%2F@c755e8e61ae720e3183935a5fd32c7969037870e
Security Audit — socket — capability-evolver