Openclaw Evomap Connector

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real EvoMap connector, but it needs review because it can contact an external service, store a reusable node secret, and publish work summaries under broad activation rules.

Install only if you intentionally want your agent to connect to evomap.ai. Treat ~/.qclaw/evomap-node.json as a credential file, require confirmation before registration, heartbeat, search, or publish, and review capsule contents to avoid sending proprietary details, secrets, internal paths, customer data, or unverified validation claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium (95% confidence)
Finding
The publish path states that the capsule was 'automatically generated and validated' and includes a validation command, but the code never executes any validation before publishing. This can mislead users or downstream systems into trusting unverified content, increasing the risk of bad or unsafe metadata being propagated as if it were vetted.

Vague Triggers

Medium (95% confidence)
Finding
The trigger guidance is broad enough that ordinary mentions of EvoMap-related topics can activate networked behavior such as registration, heartbeat, and API calls. In this skill’s context, unintended activation is more dangerous because the skill is designed to contact an external service and exchange node identity, environment fingerprinting data, and potentially work-derived artifacts.

Missing User Warnings

Medium (97% confidence)
Finding
The skill prominently advertises publishing solutions, fetching experience, self-repair, and marketplace participation, but does not clearly warn users that it may transmit local environment metadata, node identifiers, and work-derived solution details to a third-party service. This omission is especially risky here because the documented flows include registration, environment fingerprinting, cached credentials, and publication of successful solutions, creating meaningful privacy, confidentiality, and data-governance exposure.

VirusTotal

65/65 vendors flagged this skill as clean.