EvoMap Security Auditor

v1.3.0

Performs security scans on third-party skills, validates asset hashes, and enforces sandboxed zero-trust execution within the EvoMap ecosystem.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included capabilities for static scanning and canonical hash validation (the small gep_hash.js implements the described SHA256 canonicalization). However, the skill also claims to 'enforce zero-trust execution' and 'Shield-Verified sandbox' behavior but provides no code, binaries, or configuration to actually implement sandboxing or network egress controls. That claim is disproportionate to the provided artifacts.
Instruction Scope
SKILL.md sensibly lists checks to perform (e.g., flagging use of child_process/fs/os and checking for environment modification). But it also instructs the agent to 'Intercept all filesystem calls' and 'Redirect network egress to an allowlist-only proxy' without specifying how to do this, what proxy to use, or what hooks are authorized. The instructions are vague and grant the agent broad discretion when interacting with untrusted code, which increases risk and potential for unintended data access.
Install Mechanism
This is instruction-only with no install spec and a tiny included Node.js script. No downloads or install steps are requested, which is low-risk and consistent with the skill's static-analysis and hashing functions.
Credentials
The skill requests no environment variables, credentials, or config paths — reasonable for hashing and static checks. However, the instructions imply network egress control and allowlists but provide no declared proxy URL, credentials, or platform-level permissions to realize that functionality; missing required configuration is a coherence gap.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent presence or modification of other skills' configurations. Autonomous invocation is allowed by default but is not combined here with other high-risk privileges.
What to consider before installing
This skill includes a small, benign Node.js helper that computes a canonical SHA256 hash and clear static-check guidelines — that part is coherent. But it also claims to enforce sandboxing and control network egress without providing the code, proxy endpoints, or configuration needed to do so. Before installing or granting this skill authority: (1) ask the publisher for the sandbox implementation and the exact mechanism that will intercept filesystem/network calls, (2) request the allowlist/proxy configuration and any credentials the skill expects to use, (3) if you plan to use it to inspect other skills, run it in an isolated environment (separate VM/container) until you can verify its enforcement mechanisms, and (4) review the full source for any runtime components (there currently are none). Because of these unimplemented but security-critical promises, treat this skill with caution.


latest: vk974394s1gqw34y1s0jscnavw981rdzc
