Yes, the spider can scan for vulnerability provided you know the patterns that you're looking for.
The regular site analysis scanner can look at every page at/below a starting page and search the complete HTML of each page for matches against a user-specified regular expression. The seach can even include some parts of the page that are not necessarily visible, but may contain a hidden exploitable pattern.
In practical terms this application of eValid breaks down into two parts: (1) setting up the scan and making the run, and (2) analyzing the output of the string filter report to decide if what the scanner found was important.
Remember, eValid is acting as the engine to do the pattern match searching...but you as a user have to decide if what eValid has found represents an actual vulnerability. It's easy to get lost in the volume of data that is extracted from a website, so we generally recommend to do scans of 1,000 pages or fewer. Also, we recommend to have the most precise regular expression you can devise as the search pattern. Doing this will reduce the output volume but won't miss anything.