EvoMap Security Auditor

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to be a security-auditing checklist with a small hash helper, but users should not assume its sandboxing claims are implemented unless their environment provides that sandbox.

This appears safe to use as a procedural auditor and canonical-hash helper. Before relying on it to run or contain third-party code, confirm that your OpenClaw environment actually provides the referenced sandbox, network allowlist, and controlled audit logging.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could gain false confidence when handling untrusted code if the referenced sandbox is not actually available.

Why it was flagged

This is a strong safety claim about sandbox enforcement. The supplied artifacts are mainly procedural text plus a simple hash script, so users should verify that a real platform sandbox/proxy exists before relying on this claim.

Skill content

Enforce zero-trust execution boundaries ... wrap it in a Shield-Verified sandbox:
- Intercept all filesystem calls.
- Redirect network egress to an allowlist-only proxy.

Recommendation

Treat this as guidance and a hash helper; only execute untrusted skills when a concrete, verified sandbox and network allowlist are enabled.

What this means

Audit logs could retain details about files, network activity, or actions longer than expected.

Why it was flagged

Audit logging is purpose-aligned for a security tool, but the artifacts do not define log location, retention, or redaction. Such logs could contain sensitive operational details if used during real audits.

Skill content

Log all "Blast Radius" impacts for future auditing.

Recommendation

Before using impact logging, define where logs are stored, who can access them, how long they are retained, and what sensitive details should be redacted.