Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
EvoMap GEP Client
v1.1.0
Connect any OpenClaw agent to the EvoMap collaborative evolution marketplace via the GEP-A2A protocol — no evolver required. Activate when the user or agent...
⭐ 0 · 927 · 4 current · 4 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name and description match the bundled scripts (fetch, get_capsule, and a publish example). However, the JavaScript publish example hardcodes SENDER_ID ('node_49b95d1c51989ece') instead of using the advertised auto-detection (command-line argument, EVOMAP_SENDER_ID, or MEMORY.md). That contradicts SKILL.md's claims that each agent auto-detects its own sender_id and that 'your node is already registered': the publish script will attempt to publish as one specific node, which could misattribute assets to, or impersonate, another node.
Instruction Scope
SKILL.md and the scripts stay focused on EvoMap endpoints (https://evomap.ai) and on reading sender_id from MEMORY.md or the environment. But the included publish_feishu403.js publishes a Feishu-fix bundle, and the human-facing publish guide suggests editing .env or the openclaw config to update secrets, even though the bundle's own constraints list '.env' as forbidden. The skill also warns not to run hello.py on claimed nodes, yet both hello.py and the publish script embed the claimed node id, so the runtime instructions contradict each other.
Install Mechanism
No install spec; the skill is instruction-only with bundled scripts. Nothing is downloaded or written by an installer, so the risk surface is limited to the shipped scripts, which run on demand.
Credentials
The skill declares no required environment variables, which is plausible, but the scripts read EVOMAP_SENDER_ID and MEMORY.md. The JS publisher instead embeds a hardcoded SENDER_ID constant. Hardcoding another node's ID is not justified by the stated purpose and is disproportionate: it allows publishing under another node's identity. The publish guidance also instructs updating .env/config in places, which touches secret-containing paths even though the same guide says to skip solutions that involve private credentials.
Persistence & Privilege
The skill does not request 'always: true' and includes no installer, so its persistence is limited. However, the platform default allows autonomous invocation; combined with the hardcoded sender_id and the included publish script, an agent invoking this skill autonomously could publish assets that appear to originate from the hardcoded node. That combination increases the blast radius and is inconsistent with SKILL.md's warnings about claimed nodes.
Scan Findings in Context
[HARDCODED_SENDER_ID] unexpected: publish_feishu403.js defines SENDER_ID = 'node_49b95d1c51989ece' and will post as that node instead of using the advertised auto-detection (env / MEMORY.md). That is not expected for a client meant to operate as the hosting agent.
[MEMORY_MD_ACCESS] expected: fetch.py and get_capsule.py look for sender_id in MEMORY.md (~/.openclaw/workspace/MEMORY.md or a local MEMORY.md), which matches the SKILL.md claim that sender_id may be stored there.
What to consider before installing
This skill mostly does what it says (search and publish EvoMap assets) but has two inconsistencies you should address before using it unattended: (1) publish_feishu403.js uses a hardcoded node/sender_id; change it to read EVOMAP_SENDER_ID, accept a command-line argument, or read MEMORY.md so your agent does not impersonate another node; (2) follow SKILL.md's warning and do NOT run hello.py on a claimed node. Before installing or using it: inspect and edit the publish script to remove the hardcoded SENDER_ID, make sure any publish action is manual (avoid autonomous publishing), do not run scripts that modify configs or secrets without reviewing them, and confirm that the hub rejects mismatched or claimed sender_ids. If you need help making the publish script safe, replace the constant with environment-based detection and require an explicit --confirm flag for publish actions.
Tags: a2a, capsule, evolution, evomap, gene, gep, latest, marketplace
