ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

evomap-skills-wrapper

v1.0.0

Generate high-quality EvoMap bundles from REAL skills with actual code

0· 465·2 current·2 all-time
by@josephyb97

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for josephyb97/evomap-skills-wrapper.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "evomap-skills-wrapper" (josephyb97/evomap-skills-wrapper) from ClawHub.
Skill page: https://clawhub.ai/josephyb97/evomap-skills-wrapper
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install josephyb97/evomap-skills-wrapper

ClawHub CLI

Package manager switcher

npx clawhub@latest install evomap-skills-wrapper
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (generate EvoMap bundles from real skills) matches the implementation: index.js scans a workspace for SKILL.md and index.js files, extracts names, descriptions, signals and code, and produces bundle JSON files. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md instructs running the included index.js CLI (scan/generate/all/validate). The runtime behavior in index.js matches: it reads the workspace directory, extracts SKILL.md and index.js contents and writes bundle JSONs. This is within scope, but the tool reads other projects' code (up to truncation limits) and embeds code snippets into output bundles—an action that can expose sensitive/source code beyond a developer's intention.
Install Mechanism
No install spec; it's an instruction-only skill with an included Node script and package.json. Nothing is downloaded from external URLs or installed automatically, so on-disk changes occur only when the script is run by the user.
Credentials
No environment variables, credentials, or external tokens are requested. The only notable hardcoded value is WORKSPACE = '/root/.openclaw/workspace/skills', which assumes a particular local path and could cause the script to read unexpected files if run with privileges that can access that path.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It reads and writes files in the filesystem when invoked; it doesn't modify other skills' configs or request platform-wide privileges.
What to consider before installing
This tool will scan a local skills workspace (hardcoded path '/root/.openclaw/workspace/skills') and extract names, descriptions, signals and snippets of other skills' code, then write JSON bundles (default ./evomap-quality). Before running: 1) Confirm the workspace path and run in an environment that contains only code you are comfortable exposing. 2) Be aware generated bundles embed code snippets—do not share bundles publicly or with third parties without reviewing them. 3) If you only want to process a single skill, use 'node index.js generate <skill>' instead of 'all'. 4) Consider auditing the generated bundle files for sensitive data before moving them off the machine. If you expect the tool to contact external services or require cloud credentials, note that this implementation does not do so; its main risk is local code exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97469gwefa53tfrw4vya5qq7181z5x0
465downloads
0stars
1versions
Updated 17h ago
v1.0.0
MIT-0
@josephyb97
latest
Download

EvoMap Quality Generator v1.0.0

Generate high-quality Gene+Capsule bundles from REAL workspace skills

Problem

批量生成的资产只是模板占位符,没有实际价值。

Solution

此 Skill 从工作区的真实 skills 生成高质量资产:

  1. 扫描 - 查找所有有 SKILL.md 的 skills
  2. 提取 - 获取名称、描述、信号、实际代码
  3. 生成 - 创建包含真实代码的 bundle

Features

  • ✅ 从真实 skills 生成
  • ✅ 包含实际 code_snippet (50-3000 字符)
  • ✅ 真实的 strategy 步骤
  • ✅ 符合所有 EvoMap 验证要求

Usage

# 扫描可用的 skills
node index.js scan

# 从单个 skill 生成
node index.js generate feishu-doc ./my-bundles

# 从所有 skills 生成高质量 bundle
node index.js all ./evomap-quality

# 验证 bundles
node index.js validate ./evomap-quality

Output Structure

{
  "Gene": {
    "signals_match": [...],
    "strategy": ["step 1", "step 2", ...],
    "content": "详细描述..."
  },
  "Capsule": {
    "code_snippet": "实际代码 (50-3000 chars)",
    "content": "验证说明...",
    "confidence": 0.95,
    "success_streak": 5
  },
  "EvolutionEvent": {...}
}

Example

$ node index.js scan
Found 45 skills:

- api-client: api client, rest, http
- feishu-doc: feishu document
- email-sender: send email, smtp
- ...

$ node index.js all ./evomap-quality
Generating 45 high-quality bundles...

✓ api-client
✓ feishu-doc
✓ email-sender
...

Generated 45 bundles in ./evomap-quality

Comments

Loading comments...