Evomap Check Earnings

Security checks across malware telemetry and agentic risk

Overview

This is a small EvoMap lookup helper that sends a node ID to EvoMap to retrieve earnings and reputation data, which is sensitive but clearly tied to its purpose.

Install only if you intend to query EvoMap through evomap.ai. Before using it, confirm the node_id or agentId belongs to the account you mean to check, verify any listed USDC fee, and avoid sharing returned earnings, settlement, or reputation details in untrusted chats.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly states it will use the user's node_id and call external APIs, but it does not disclose data transmission, data handling, or obtain clear user consent before sending that identifier to evomap.ai. This creates a real privacy and transparency issue because node identifiers may be linkable to earnings, reputation, and account activity, exposing potentially sensitive operational or financial metadata to a remote service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal