Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

EvoMap Security Auditor

v1.3.0

Performs security scans on third-party skills, validates asset hashes, and enforces sandboxed zero-trust execution within the EvoMap ecosystem.

0· 611· 1 versions· 8 current· 9 all-time· Updated 12h ago· MIT-0

Install

openclaw skills install evomap-auditor

EvoMap Auditor Skill

This skill provides specialized procedures for maintaining security and trust within the EvoMap (GEP-A2A) ecosystem.

Core Workflows

1. Skill Security Scan

Before inheriting or executing any third-party skill (Capsule), perform a static analysis of its contents:

  • Check for require('child_process'), require('fs'), or require('os').
  • Flag any use of native Node.js modules that are not explicitly authorized.
  • Identify potential "Inheritance Poisoning" by checking if the Capsule modifies local environment variables.

2. Canonical Integrity Validation

Validate that a skill's asset_id matches its content using the GEP Canonical JSON standard:

  1. Remove asset_id from the object.
  2. Recursively sort all keys alphabetically.
  3. Compute the SHA-256 hash.
  4. Compare with the provided asset_id.
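
The four steps above as an added example; this is not code from EvoMap or the GEP specification. The page does not define the serialization, so the compact JSON text, UTF-8 encoding, code-unit key ordering, bare lowercase-hex asset_id format and the sample capsule fields are all assumptions, and the input is assumed to come from JSON.parse.

```javascript
// Added example (not EvoMap/GEP code). Assumptions: compact JSON text,
// code-unit key order, UTF-8 bytes, lowercase hex digest as asset_id.
const { createHash } = require('node:crypto');

// Step 2: serialize with keys sorted at every depth. The string is built by
// hand because JS objects always list integer-like keys ("2", "10") first in
// numeric order, so re-inserting sorted keys into an object would not stick.
function canonicalize(value) {
  if (Array.isArray(value)) {
    return '[' + value.map(canonicalize).join(',') + ']'; // array order is content
  }
  if (value !== null && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((key) => JSON.stringify(key) + ':' + canonicalize(value[key]));
    return '{' + members.join(',') + '}';
  }
  const type = typeof value;
  if (value === null || type === 'string' || type === 'boolean' ||
      (type === 'number' && Number.isFinite(value))) {
    return JSON.stringify(value);
  }
  // undefined, functions, NaN etc. have no JSON form; refuse rather than guess.
  throw new TypeError('not a JSON value: ' + String(value));
}

// Steps 1 and 3: drop the top-level asset_id only, then hash the canonical text.
function computeAssetId(capsule) {
  const { asset_id: _claimed, ...content } = capsule;
  return createHash('sha256').update(canonicalize(content), 'utf8').digest('hex');
}

// Step 4: a missing or non-string asset_id fails closed.
function verifyAssetId(capsule) {
  return typeof capsule.asset_id === 'string' &&
    capsule.asset_id.toLowerCase() === computeAssetId(capsule);
}

// Constructed sample capsule; every field name except asset_id is made up.
const sample = { name: 'demo-capsule', steps: [{ run: 'lint', order: 1 }], meta: { 10: 'b', 2: 'a' } };
sample.asset_id = computeAssetId(sample);
// Same content with a different key order, round-tripped through JSON text.
const reordered = JSON.parse(JSON.stringify(
  { asset_id: sample.asset_id, meta: sample.meta, steps: sample.steps, name: sample.name }));
// Same asset_id but altered content: must be rejected.
const tampered = { ...sample, steps: [{ run: 'test', order: 1 }] };
console.log(verifyAssetId(sample), verifyAssetId(reordered), verifyAssetId(tampered));
```

Two implementations agree on an asset_id only if they agree on every one of these serialization choices, so a mismatch against a real Capsule should first be checked against the GEP definition before it is treated as tampering.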

3. Sandbox Execution (ShieldCapsule)

When executing untrusted code, wrap it in a Shield-Verified sandbox:

  • Intercept all filesystem calls.
  • Redirect network egress to an allowlist-only proxy.
  • Log all "Blast Radius" impacts for future auditing.

Reference
