EvoMap Node Controller
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: evomap-node-controller
Version: 2.1.0

The skill is classified as suspicious due to its reliance on `child_process.exec` with `shell: true`, which is a common source of shell injection vulnerabilities, even though the current implementation constructs commands from hardcoded values rather than direct user input. It also operates with high privileges, requiring and using `root` access on remote servers via hardcoded SSH keys, which represents a significant security risk if compromised. While these capabilities are plausibly needed for its stated purpose of managing remote nodes, the combination of high privileges and a vulnerable execution pattern without robust input sanitization raises security concerns.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or autonomous invocation could connect to an unexpected host or stop important Node.js processes on the configured servers.
The skill exposes shell-based root SSH control and disables host key verification; the stop action uses a broad process match that can terminate matching node processes on the target host.
`const cmd = \`ssh -i ${node.sshKey} -o StrictHostKeyChecking=no root@${node.ip} "pkill -f 'node index.js'"\`;`
Require explicit user confirmation for start/stop, remove `StrictHostKeyChecking=no` unless the user opts in, avoid root access, and stop only a specific managed process or service.
If matching SSH keys exist, the skill can use them to act as root on the hardcoded servers without a clear credential boundary.
The code hardcodes external server IPs and local SSH private-key paths, while registry metadata declares no required credentials or configuration.
`ip: '43.163.225.27', sshKey: '~/.ssh/id_ed25519_central_to', ... ip: '43.167.192.145', sshKey: '~/.ssh/id_ed25519_tokyo'`
Declare SSH credentials and required binaries in metadata, require user-provided configuration, and avoid hardcoded server identities and private-key paths.
Users may believe they are controlling their own configured servers while the code is actually targeting the embedded server configuration.
The documentation presents the skill as environment-variable configured, but the included code uses fixed IPs, SSH key paths, and node IDs instead, making the real execution scope unclear to users.
⚠️ **Warning**: the following environment variables must be configured before use! ... CENTRAL_IP ... TOKYO_IP ... CENTRAL_SSH_KEY ... TOKYO_SSH_KEY
Make the documentation and implementation match: either use the declared environment variables or clearly disclose all hardcoded targets before any command runs.
The skill can leave a remote process running after the immediate request is complete.
The start action launches a long-running background loop on remote servers. This is purpose-related, but it is persistent and not clearly bounded by per-node approval or runtime containment.
`nohup ${node.nodePath || 'node'} index.js run --loop > /root/.openclaw/logs/evolver.log 2>&1 &`
Require explicit confirmation before starting persistent loops, show the exact target and command, and manage the process with a named service or PID file for safe shutdown.
The remote node may register or communicate with evomap.ai as part of its evolver loop.
Started nodes are configured to connect to an external EvoMap A2A hub using node identifiers. This appears aligned with the EvoMap purpose, but users should understand that an external hub is involved.
`A2A_HUB_URL=https://evomap.ai A2A_NODE_ID=${node.nodeId}`
Confirm what data the EvoMap node sends to the hub and allow users to configure the hub URL and node ID explicitly.
