9 public sources Updated Mar 17, 2026
Project case

Capability Evolver and the Governance Test It Forced on ClawHub

Haoyang Zhang (autogame-17)

Builder of "capability-evolver" (SOUL skill) and founder of EvoMap

EvoMap / AutoGame Limited

Capability Evolver did not become memorable only because it was accused. It became memorable because a breakout skill forced ClawHub to show, in public, how market distribution, moderation, and trust behave under live pressure.

A viral skill can become a governance stress test overnight.

First it looked like a breakthrough. Then it looked like a warning. Very quickly, it became a test of who gets to decide what a marketplace trusts.

Capability Evolver was supposed to be the kind of OpenClaw success story people like to tell in one breath: a new skill appears, it feels genuinely different, it rockets up the charts, and suddenly one builder looks like they have found the future before everyone else.

Then the dispute arrived early enough, and publicly enough, to change the genre.

On February 1, 2026, EvoMap says Capability Evolver hit ClawHub and immediately surged. On February 2, 2026, security researcher Saoud Khalifah published a post alleging undisclosed data export to Feishu. Within days, the story was no longer about whether one ambitious skill had breakout momentum. It was about whether an open skill market could handle a live accusation without collapsing into pure theater.

That is the reason this episode stuck.

The important question was never only, “Was one post right?” The larger question was what happens when a viral capability, a serious allegation, a public ranking system, and a moderation process all collide before anyone agrees on what has actually been established.

Breakout speed gave the conflict more voltage

The public repo explains why Capability Evolver felt different on arrival. It did not pitch itself as a prompt bundle or a convenience wrapper. It pitched itself as a protocol-constrained self-evolution engine: something that could inspect runtime history, extract signals, select a Gene or Capsule, and turn repeated fixes into reusable assets with an audit trail. In a market full of “here is a trick” projects, that sounded more like infrastructure.

That distinction mattered.

A skill promising self-improvement carries symbolic weight in an ecosystem built around delegated action. If it works, it feels like a glimpse of where the whole category is going. If it goes wrong, it feels like a preview of everything the category is not ready to govern.

EvoMap’s own origin story leans hard into that sense of lift. It says Capability Evolver hit the top of ClawHub within ten minutes and eventually crossed 35,000 downloads. That is a builder account, not an independent audit, but even taken cautiously it tells you what kind of object this had become: not an obscure experiment, but a visible market winner. The project had enough momentum that people were arguing about it as a sign of the ecosystem’s future, not merely as one more skill listing.

That is what made the later accusation more combustible. The target was not just a piece of code. It was a skill that had already started to stand in for possibility.

February 2 changed the shape of the story

Khalifah’s February 2 post did not arrive as vague discomfort. It arrived as a technical allegation. The post said Capability Evolver contained undisclosed export behavior to Feishu, quoted code, named a document token, and described the result as exfiltration. It also bundled in broader claims about file reading, autonomous modification pressure, and automatic publishing behavior.

That level of specificity mattered because it forced the discussion out of the realm of vibes.

But specificity is not the same thing as resolution.

The documented fact is that the allegation was made, publicly and in detail. The harder question is what the public record establishes underneath it. The current public repository still openly describes runtime-history analysis and includes publishing tooling tied to ClawHub and EvoMap workflows. At the same time, the exact file path highlighted in Khalifah’s post does not map cleanly onto the current public tree. That does not clear the project, and it does not validate the accusation. It shows something more frustrating and more important for this story: the evidence layer was serious enough to escalate the conflict, but messy enough that the market had to react before the public record felt settled.

That is the moment the page stops being a case recap and becomes a governance story.

Once a viral skill is accused in public, the practical question is no longer only what the code does. The practical question becomes who moves first: the researcher, the platform, the builder, or the crowd.

ClawHub’s hidden rules suddenly became visible

ClawHub’s own documentation explains why the dispute widened so fast.

The registry is open by default. Anyone can upload a skill. Any signed-in user can report one. More than three unique reports can auto-hide a skill by default. Moderators can then unhide, delete, or ban.

Those are ordinary marketplace rules until a breakout skill becomes controversial in public. Then they stop looking administrative and start looking constitutional.

Community posts and mirrored support threads captured exactly that shift in mood: complaints about shadowbans, Unauthorized errors, takedown pressure, and visibility changes. None of those threads resolves the underlying security claim. They are still useful evidence because they show what the conflict felt like inside the product surface. The dispute was no longer happening only in blog posts and repo audits. It was happening in rankings, install flows, support channels, and moderation states.

That is the widening consequence.

In a young skill market, discovery and legitimacy live close together. The same system that turns a project into a breakout hit is also the system that can hide it, delist it, throttle it, or leave it up long enough for critics to call the platform reckless. The more visible the skill becomes, the less room there is for a quiet review process.

This is also why the broader ClawHub security climate matters. Reporting from The Verge and The Hacker News had already pushed the ecosystem into a security-first frame. So when Capability Evolver came under allegation, ClawHub was not making decisions on a blank stage. It was making them in an environment where every moderation action risked being read as evidence either of negligence or of arbitrary power.

Haoyang Zhang ended up playing the counter-narrator

By mid-February, Haoyang Zhang was no longer just the builder behind a fast-growing project. He had become the person trying to wrestle sequence and legitimacy back from a story that was already outrunning him.

EvoMap’s February 16 origin story is valuable precisely because it is not neutral. It reframes the episode away from one disputed skill and toward platform dependency. In that telling, Evolver’s rise, delisting, and aftermath demonstrate the danger of building on a single distribution surface whose rules can suddenly become existential. The story also advances claims of extortion, platform-rule exploitation, and later account-level fallout. Those claims are part of the builder’s account; they are not independently resolved by the sources in this story.

Then the February 27 security statement widened the counter-narrative again. EvoMap argued that recent coverage had crossed the line from security concern into overstatement, that some of the criticized behavior was environment telemetry rather than sensitive-file theft, and that ClawHub’s own scanning and moderation systems were unreliable enough that being flagged there could not be treated as a verdict. The statement also pointed to a concrete legitimacy artifact: autogame-17 had a merged ClawHub PR #298 adding anti-squatting, backup-restore, and ban-flow improvements. That merge does not settle the allegation. It does show why Zhang’s public role became more than denial. He was trying to argue that the project’s identity inside the ecosystem had been flattened into a single hostile reading.

This is the part many conflict summaries miss.

Builders do not just defend code when a viral project turns controversial. They defend chronology, motive, proportion, and future memory. They are arguing not only about whether they were wrong, but about whether the platform and the public have a fair way to decide what “wrong” means under pressure.

What the dispute revealed about ecosystem trust

Capability Evolver mattered because it turned several usually separate systems into one public scene.

  • distribution, because the skill had enough visible momentum to matter
  • trust, because the allegation was serious enough to change installation behavior
  • moderation, because ClawHub’s report-and-hide model became part of the story itself
  • legitimacy, because both the accuser and the builder were trying to define what counted as evidence before a calm consensus existed

That is why the episode lingers beyond the Feishu allegation itself.

A normal software controversy can stay localized: a bug, a post, a patch, a lesson. This one did not stay local because the marketplace was part of the mechanism. The charts amplified the project. The allegation weaponized attention against it. The moderation layer determined whether visibility would persist. The builder response then challenged not just the accusation but the platform’s authority to convert accusation into outcome.

The most defensible editorial synthesis is narrower than either side’s strongest rhetoric. The public record here does not establish every worst-case claim made by critics. It also does not support treating the episode as a mere misunderstanding inflated by drama. What it clearly shows is that ClawHub did not have the luxury of handling virality, trust, and moderation as separate problems. A single skill forced those systems into public view at once.

That is the governance stress test.

What is documented, alleged, and inferred

Documented fact: Capability Evolver was publicly presented as a self-evolution engine that analyzes runtime history and packages reusable improvements. Khalifah published a detailed Feishu-export allegation on February 2, 2026. ClawHub’s docs say the registry is open by default, that any signed-in user can report a skill, and that more than three unique reports can auto-hide one. EvoMap then published a builder origin story on February 16, 2026 and a security statement on February 27, 2026. PR #298 from autogame-17 into openclaw/clawhub is publicly visible as merged.

Allegation and subject account: The claims that Capability Evolver secretly exfiltrated user data to Feishu, that it amounted to a wiretap or trojan, that delisting pressure involved extortion or rule exploitation, and that platform moderation mishandled the case are all public claims made by participants in the dispute. This page treats them as allegations or subject accounts unless independently established by cited documentation.

Editorial synthesis: The reason this case matters beyond one allegation thread is that it exposed how fragile marketplace trust becomes when one skill simultaneously becomes a breakout product, a security argument, and a moderation object. The story’s consequence is governance: who gets believed first, what process exists before visibility changes, and whether a young ecosystem can keep public trust while evidence is still contested.

Closing

Capability Evolver began as a project story about ambition.

It became a conflict story about risk.

What made it durable was the third turn: it became a governance story about whether ClawHub could separate discovery, moderation, and legitimacy once a viral skill was under live suspicion.

That is the after-image worth keeping.

A young marketplace can survive one controversial listing. What is harder is surviving the moment when everyone suddenly realizes that charts, reports, hiding rules, builder reputation, and ecosystem trust were never separate systems to begin with.

Sources & public record

CoClaw keeps story pages grounded in public reporting, primary posts, issue threads, and project materials readers can inspect themselves.

  1. EvoMap blog — Origin story (builder account of breakout, delisting, and platform dependency)
  2. EvoMap blog — Security statement (builder rebuttal and security framing)
  3. GitHub — autogame-17/evolver repository (public code, README, and publishing tooling)
  4. ClawHub docs — security and moderation model
  5. Saoud Khalifah — public post alleging undisclosed Feishu data export in capability-evolver
  6. Answer Overflow (Discord mirror) — support thread mentioning shadowban and Unauthorized errors
  7. GitHub — openclaw/clawhub PR #298 from autogame-17
  8. The Hacker News — OpenClaw adds VirusTotal scanning for ClawHub skills
  9. The Verge — broader reporting on ClawHub security concerns
