EVEZ Oracle Bridge
ReviewAudited by ClawScan on May 12, 2026.
Overview
This looks like a real LLM bridge, but it uses undeclared credentials/providers and exposes local EVEZ mutation endpoints with unclear controls.
Review the full source before running it, especially because the provided source view is truncated. Only install if you intend to provide a Vultr API key, understand all providers that may receive prompts, and can keep the bridge bound to a trusted local interface with authentication for mutation endpoints.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
User prompts or model requests may be sent to an additional service that is not clearly disclosed in the skill description.
SKILL.md describes routing through the user's Vultr oracle, but the code defines a separate EVEZ-hosted fallback API with its own key. If used, prompts could leave the stated Vultr-only provider boundary.
# Also try EVEZ API as fallback EVEZ_API_URL = "https://evez-api2.fly.dev/v1" EVEZ_API_KEY = "EVEZ_API_KEY_REDACTED"
Disclose all upstream providers, remove the fallback unless explicitly requested, and require user confirmation before sending prompts outside the Vultr endpoint.
A user may not realize the skill will use a Vultr API key or what account authority that key grants.
The code uses a Vultr API key, while the registry metadata declares no required environment variables and no primary credential. This under-discloses the credential boundary.
ORACLE_KEY = os.environ.get("VULTR_API_KEY", "VULTR_API_KEY_REDACTED")Declare VULTR_API_KEY as a required credential, document the minimum required scope, and avoid hardcoded or fallback credentials.
If the bridge is reachable, callers may be able to trigger local agentic workflows such as evolve or cycle operations.
The bridge can trigger local EVEZ services that appear to mutate or run agentic processes, with no visible approval or authentication checks in the provided handler code.
result = await call_service("forge", "/api/evolve", "POST", {"goal": goal})
...
result = await call_service("cycler", "/api/trigger", "POST", {})Bind only to localhost unless explicitly intended, add authentication, and require explicit user approval for mutation or trigger endpoints.
Untrusted inputs could poison the local knowledge graph and affect later responses or agent behavior.
The handler forwards arbitrary request JSON into a knowledge service's learn endpoint, which can persist or influence later knowledge retrieval.
async def handle_learn(request):
"""POST /api/learn {"concept": "...", "relation": "...", "target": "..."}"""
...
result = await call_service("knowledge", "/api/learn", "POST", body)Restrict who can call learning endpoints, validate submitted concepts, and provide a way to review and remove stored knowledge.
The user may need to install dependencies manually and cannot verify dependency versions from the skill metadata.
The skill includes runnable Python code with third-party dependencies, but the artifacts provide no install spec or dependency declaration. This is not malicious by itself, but setup and provenance are incomplete.
import aiohttp from aiohttp import web
Add an install spec or dependency manifest with pinned package versions and clear setup steps.