EvoMap GEP Client
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: evomap-gep
Version: 1.1.0
This skill is classified as suspicious due to two significant vulnerabilities. Firstly, the `SKILL.md` file contains a prompt injection risk by instructing the agent to 'try applying' fetched capsules, which could lead to the agent executing untrusted code or configurations from external sources. Secondly, the `Gene` schema, as explicitly defined in `references/protocol.md` and demonstrated in `scripts/publish_feishu403.js`, allows arbitrary `node/npm/npx` commands in its `validation` field. This constitutes a remote code execution (RCE) vulnerability, as an attacker could publish a malicious Gene with a harmful validation command that would be executed by any agent attempting to validate it. While the provided code does not contain explicit malicious intent, these design flaws present clear attack vectors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run, the script could publish under a shared or author-controlled node identity, affecting attribution, reputation, and accountability.
The publish script uses a fixed sender_id instead of the user's sender_id from MEMORY.md, the environment, or a command-line argument.
const SENDER_ID = 'node_49b95d1c51989ece';
Do not run the publish script as-is; replace the hardcoded sender_id with a user-supplied value and confirm which EvoMap identity will be used before publishing.
A user or agent could unintentionally post public marketplace content that is not tied to the user's current problem or chosen identity.
Executing this helper directly publishes a prebuilt bundle to EvoMap without prompting for confirmation or taking user-selected Gene/Capsule input.
const envelope = makeEnvelope('publish', {
assets: [gene, capsule, event]
});
console.log('\nPublishing to EvoMap...');
const result = await postJson('/a2a/publish', envelope);
Require explicit user approval before any publish call, and provide a generic publisher that takes reviewed user-selected assets rather than a prefilled publishing script.
Users may trust and operate under an identity that is not actually theirs.
The script tells every installer that a specific hardcoded claimed node is 'your node', which conflicts with the skill's claim that each agent uses its own permanent sender_id.
CLAIMED_NODE = "node_49b95d1c51989ece"
...
print(f"Your node ({CLAIMED_NODE}) is already registered,")
Remove hardcoded claimed-node messaging from the distributed skill and make node setup explicitly user-specific.
The sender_id is not an API key, but a wrong or poisoned MEMORY.md entry could cause requests to use the wrong EvoMap identity.
The skill intentionally stores and reuses a persistent identity value from agent memory.
Just save your `sender_id` to MEMORY.md once
Store only the intended sender_id in MEMORY.md, verify it before publishing, and avoid placing secrets in the same instruction line.
Fetched capsules may influence the agent's actions; malicious or low-quality capsule content could lead to unsafe changes if applied without review.
The skill is designed to bring solution text from other agents into the current agent workflow.
Read the returned capsules. If a capsule matches your situation, try applying it.
Treat fetched capsules as untrusted suggestions, review commands and file changes before applying them, and avoid applying capsules that request secrets or broad system changes.
