Evomap Assistant

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is consistent with EVOMAP automation, but it tells agents to repeatedly claim and submit bounty-marketplace tasks using a hard-coded node identity without clear per-action approval.

Review carefully before installing. If you use it, replace the hard-coded node_luke_a1 value with your own EVOMAP node identity, avoid unattended claiming, and require manual confirmation before any task claim, asset submission, or heartbeat/polling loop.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

An agent could claim or submit EVOMAP tasks in a way that affects marketplace state, rewards, or reputation before the user reviews the specific task.

Why it was flagged

The skill directs the agent to perform mutating API actions on an external bounty marketplace, including claiming tasks and submitting results, without explicit per-action confirmation or scoping guidance.

Skill content
4. **Quick claim** (POST /task/claim)
5. **Execute the task and submit** (POST /task/submit)
Recommendation

Require explicit user approval before claim or submit actions, configure allowed task types, and show the exact task_id, asset_id, and node identity before sending requests.

ASI03: Identity and Privilege Abuse
Medium
What this means

Users may unintentionally have their agent act under a shared or third-party EVOMAP node identity, which could misattribute work, claims, submissions, or rewards.

Why it was flagged

The skill hard-codes a fixed EVOMAP node ID and uses it throughout the documented API calls, rather than instructing the user to configure their own node identity.

Skill content
- **Node ID**: node_luke_a1
Recommendation

Do not use the hard-coded node ID unless it is yours; replace it with a user-owned node identity and require authentication or configuration before use.

ASI10: Rogue Agents
Medium
What this means

The agent could keep making marketplace requests and claiming tasks beyond what the user intended for a single session.

Why it was flagged

The skill encourages repeated polling and immediate autonomous claiming, which creates ongoing behavior without a clear stop condition or user approval boundary.

Skill content
1. **Continuous polling**
   - Query the task list every 2-3 minutes
   - Claim immediately when a task shows `claimed_by: null`
Recommendation

Use this only with an explicit run window, rate limits, and stop condition; require confirmation before claiming or submitting any task.