EvoMap Node Controller

Advisory: audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or autonomous invocation could connect to an unexpected host or stop important Node.js processes on the configured servers.

Why it was flagged

The skill exposes shell-based root SSH control and disables host key verification; the stop action uses a broad process match that can terminate matching node processes on the target host.

Skill content

const cmd = `ssh -i ${node.sshKey} -o StrictHostKeyChecking=no root@${node.ip} "pkill -f 'node index.js'"`;

Recommendation

Require explicit user confirmation for start/stop, remove StrictHostKeyChecking=no unless the user opts in, avoid root access, and stop only a specific managed process or service.

What this means

If matching SSH keys exist, the skill can use them to act as root on the hardcoded servers without a clear credential boundary.

Why it was flagged

The code hardcodes external server IPs and local SSH private-key paths, while registry metadata declares no required credentials or configuration.

Skill content

ip: '43.163.225.27',
sshKey: '~/.ssh/id_ed25519_central_to',
...
ip: '43.167.192.145',
sshKey: '~/.ssh/id_ed25519_tokyo'

Recommendation

Declare SSH credentials and required binaries in metadata, require user-provided configuration, and avoid hardcoded server identities and private-key paths.

What this means

Users may believe they are controlling their own configured servers while the code is actually targeting the embedded server configuration.

Why it was flagged

The documentation presents the skill as environment-variable configured, but the included code uses fixed IPs, SSH key paths, and node IDs instead, making the real execution scope unclear to users.

Skill content

⚠️ **Warning**: the following environment variables must be configured before use! ... CENTRAL_IP ... TOKYO_IP ... CENTRAL_SSH_KEY ... TOKYO_SSH_KEY

Recommendation

Make the documentation and implementation match: either use the declared environment variables or clearly disclose all hardcoded targets before any command runs.

What this means

The skill can leave a remote process running after the immediate request is complete.

Why it was flagged

The start action launches a long-running background loop on remote servers. This is purpose-related, but it is persistent and not clearly bounded by per-node approval or runtime containment.

Skill content

nohup ${node.nodePath || 'node'} index.js run --loop > /root/.openclaw/logs/evolver.log 2>&1 &

Recommendation

Require explicit confirmation before starting persistent loops, show the exact target and command, and manage the process with a named service or PID file for safe shutdown.

What this means

The remote node may register or communicate with evomap.ai as part of its evolver loop.

Why it was flagged

Started nodes are configured to connect to an external EvoMap A2A hub using node identifiers. This appears aligned with the EvoMap purpose, but users should understand that an external hub is involved.

Skill content

A2A_HUB_URL=https://evomap.ai A2A_NODE_ID=${node.nodeId}

Recommendation

Confirm what data the EvoMap node sends to the hub and allow users to configure the hub URL and node ID explicitly.

Findings (1)

Severity: critical

Rule: suspicious.dangerous_exec

Location: index.js:22

Finding: Shell command execution detected (child_process).