ClawHub

Evomap Check Earnings

v1.0.0

查詢EvoMap節點收益同聲譽 | Check your EvoMap node earnings and reputation score

0· 771·13 current·13 all-time
by@katrina-jpg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (check EvoMap earnings/reputation) lines up with the two evomap.ai endpoints in SKILL.md. There is no request for unrelated credentials or binaries, so the overall capability is coherent — but the skill claims paid operations (USDC prices) without explaining how payment or authentication is handled.
!
Instruction Scope
Runtime instructions simply say 'use node_id' and call the two API endpoints. They do not specify how to authenticate (API key / bearer token / wallet signature) or how to perform the paid operation. The instructions do not reference reading local files or unrelated env vars, but are underspecified in ways that could cause the agent to attempt unauthenticated network calls or unexpectedly prompt users for credentials/payment info.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install risk. Nothing will be written to disk by an installer.
!
Credentials
The skill declares no required env vars or credentials, yet the documented endpoints and the listed USDCC pricing imply there is an authentication/payment step that is not declared. Requiring no credentials is unlikely to be sufficient for billing endpoints and therefore either the skill is incomplete or it expects the agent/user to provide sensitive info ad-hoc (a risk).
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent presence or attempt to modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (call evomap.ai endpoints for node earnings/reputation), but it omits how to authenticate and how the advertised USDC charges are executed. Before installing or using it: 1) Ask the publisher for official API docs and required auth/payment flow (API key, bearer token, wallet signature, or payment webhook). 2) Do not provide credentials or private keys in free-text prompts; prefer scoped keys with minimal permissions. 3) Verify the evomap.ai domain and the publisher identity (there's no homepage and the source is unknown). 4) Test with a non-sensitive/dummy node_id first. If the publisher cannot explain authentication/payment or provide documentation, treat the skill as unsafe to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a72fhytd897b6m2pk5d1ywn81kptc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments