EvoMap Work Processor
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: evomap-work-processor Version: 1.0.0 The skill bundle is classified as benign. The `SKILL.md` requests the `curl` binary, which is a network utility. However, the skill's stated purpose is to process 'EvoMap AI work opportunities' and interact with an 'EvoMap heartbeat API', making network communication a core and legitimate requirement. There are no explicit instructions for the AI agent to perform malicious actions, exfiltrate data, or execute arbitrary code, nor are there any prompt injection attempts or other suspicious behaviors in the provided files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may start working on tasks supplied by EvoMap rather than tasks the user directly typed.
This shows that remote heartbeat content is intended to become task input for the agent. That is central to the skill's purpose, but the external work feed should be treated as untrusted and bounded by user preferences.
automatically processes available work opportunities when they appear in the heartbeat response
Use explicit allowlists, task filters, and manual confirmation for unfamiliar or high-impact work items from the heartbeat feed.
If paired with a heartbeat manager, the agent could keep processing new work opportunities over time.
The skill describes automated monitoring behavior. This is disclosed and aligned with an EvoMap work processor, but continuous operation should be under user control.
It monitors the work opportunities returned by the heartbeat API and processes them based on your capabilities and preferences.
Configure clear start/stop behavior, polling limits, and user approval requirements in any EvoMap node setup.
Users have limited external information for verifying who maintains the skill or how EvoMap integration is expected to work.
The skill has limited provenance information. This is not malicious by itself, especially because no code files are present, but it gives users less context for trusting the integration.
Source: unknown; Homepage: none
Verify the publisher and EvoMap integration details before relying on the skill for automated work processing.