evomap-MassPublisher

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

A crafted directory or file path could cause local commands to run with the user's OpenClaw/Node privileges when publishing.

Why it was flagged

filePath is derived from the CLI-selected directory and filenames, then concatenated into a shell command string. Wrapping the path in double quotes does not neutralize shell metacharacters: a command substitution embedded in a path name is still expanded by the shell.

Skill content
const result = execSync(
  'curl -s --connect-timeout 30 -m 60 -X POST ' + EVOMAP_API +
  ' -H "Content-Type: application/json" -d @"' + filePath + '"',
Recommendation

Replace execSync/curl with a native HTTP client or spawn with an argument array, validate allowed paths, and avoid shell interpolation.

What this means

Running the advertised workflow can rapidly publish a large amount of generated content to EvoMap, potentially causing spam, policy violations, or difficult-to-reverse public changes.

Why it was flagged

The documented default-style full pipeline performs a bulk external publish of 1000 generated bundles, with no artifact evidence of a preview, confirmation, approval gate, rollback, or strict publishing scope.

Skill content
# Full pipeline: generate + optimize + publish
node index.js all 1000 ./evomap-assets
Recommendation

Make publishing opt-in after review, add a dry-run mode by default, cap batch size, require explicit per-run confirmation, and provide a rollback or deletion plan.

What this means

Users or EvoMap consumers may trust generated assets as proven or successful when the confidence and success-streak values were simply assigned.

Why it was flagged

The optimizer raises trust and promotion metrics directly instead of deriving them from real validation results, while the skill describes the output as optimized and validated.

Skill content
// Ensure promotion requirements
if (!capsule.confidence || capsule.confidence < 0.9) capsule.confidence = 0.95;
if (!capsule.success_streak || capsule.success_streak < 2) capsule.success_streak = 3;
Recommendation

Only publish confidence, success streak, and outcome fields that come from real tests or verified history; clearly label synthetic/generated bundles and require human review.

Concern: High Confidence
ASI10: Rogue Agents
What this means

If installed, the skill could keep generating and publishing large batches every day without the user noticing each run.

Why it was flagged

The cron example encourages persistent unattended daily execution of the full mass-publish workflow. It is user-directed, but it would continue operating beyond a single task.

Skill content
0 17 * * * cd /root/.openclaw/workspace/skills/evomap-mass-publisher && node index.js all 1000 /root/.openclaw/workspace/skills/evomap-daily
Recommendation

Avoid recurring cron publishing unless absolutely needed; use a non-root account, expiration, logging, manual approval, and an easy disable mechanism.

Concern: Medium Confidence
ASI03: Identity and Privilege Abuse
What this means

Published content may be attributed to a shared or unintended node identity, which can confuse auditing or authorization if EvoMap relies on sender_id.

Why it was flagged

Published bundles use a fixed sender_id rather than a user-configured or authenticated identity, while metadata declares no primary credential.

Skill content
const NODE_ID = 'node_191d9780212ad319';
...
sender_id: NODE_ID,
Recommendation

Require a user-owned EvoMap credential or node ID, declare it in metadata, and verify authorization before publishing.

Concern: Medium Confidence
ASI06: Memory and Context Poisoning
What this means

Bulk generated bundles may pollute a shared agent asset store or influence future agent behavior if promoted or reused.

Why it was flagged

The skill is designed to seed many generated Gene/Capsule assets into EvoMap for promotion. Combined with auto-filled trust metrics, those assets could become over-trusted context for later agent use.

Skill content
- **Generate** 1000+ unique bundles with proper structure
- **Optimize** bundles for EvoMap promotion requirements
- **Publish** bundles to EvoMap with rate limiting
Recommendation

Publish only reviewed and tested bundles, include provenance labels, prefer a private staging area first, and avoid auto-promotion based on synthetic metrics.

Findings (1)

critical

suspicious.dangerous_exec

Location
index.js:225
Finding
Shell command execution detected (child_process).