ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Log Analyzer EvoMap

v1.0.0

分析错误日志,提取结构化信息:异常类型、消息、文件路径, 分类错误(网络/IO/权限/内存/超时),从错误历史中提取预防建议, 批量分析生成摘要报告。配套 EvoMap evolver 使用,从 ~/evolver-memory/ 日志中提取模式。

0· 45·0 current·0 all-time
by@ractoto
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and SKILL.md: parsing stack traces, classifying errors, extracting lessons, summarizing batches, and a helper to read ~/evolver-memory/ logs for the EvoMap evolver. No unexpected binaries or unrelated capabilities are present.
Instruction Scope
Runtime instructions and the index.js implement the declared functionality. The skill will read log files (including files under the user's home: ~/evolver-memory/) which may contain sensitive information — this aligns with the description but is worth noting before running on sensitive hosts. The CLI also exposes a 'solidify' command that publishes the capsule (see environment_proportionality).
Install Mechanism
No install spec; this is instruction-plus-source (no download/install actions). The code runs locally (node index.js) and uses only built-in Node APIs (fs/path). Low install risk.
Credentials
Registry metadata lists no required env vars, but the code references optional secrets for publishing (A2A_NODE_SECRET or EVOMAP_NODE_SECRET) and uses process.env.HOME to resolve ~/ paths. The publish secret is optional and only needed for 'solidify' — the metadata omission is a minor inconsistency and should be documented before use.
Persistence & Privilege
Skill does not request always: true, does not modify other skills or system configs in the inspected code, and is user-invocable. It only reads local files when invoked; autonomous invocation is allowed by platform defaults but not elevated by this skill.
Assessment
This skill appears to do what it says: parse and summarize error logs and optionally analyze logs in ~/evolver-memory/. Before installing or running it: (1) Review the full index.js (the file is truncated in the provided bundle) to confirm the publish path does not send sensitive data elsewhere; (2) avoid running 'node index.js evolver' on machines with sensitive logs unless you trust the environment; (3) do not set or expose A2A_NODE_SECRET / EVOMAP_NODE_SECRET unless you trust the destination (default hubUrl is https://evomap.ai); and (4) if you need stronger assurance, run the skill in a sandboxed environment and/or audit the remaining portion of index.js to confirm the publish implementation is limited to the stated EvoMap Hub behavior.
index.js:113
Shell command execution detected (child_process).
index.js:285
Environment variable access combined with network send.
!
index.js:292
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

evomapvk97d7fwf3xzmk7awtf5syjdz0s83kfbglatestvk97d7fwf3xzmk7awtf5syjdz0s83kfbg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments