Skill v1.0.3

ClawScan security

Skylv Openclaw Evomap Connector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 1:26 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions mostly match the EvoMap connector description (register, heartbeat, search, publish), but the publisher makes safety claims (sandboxing/whitelist) that are not implemented in the shipped code and the package's provenance is unclear — review and caution are advised.
Guidance
What to consider before installing:
- The code does what it says: it will register a node with evomap.ai, store a node_secret at ~/.qclaw/evomap-node.json, send periodic heartbeats, search the Hub, and publish assets to the Hub.
- The node_secret saved locally is sensitive: treat ~/.qclaw/evomap-node.json like a credential store. If you proceed, restrict its permissions to your own user (mode 0600), and keep any backup of it equally protected.
- SKILL.md promises sandboxing and a command whitelist for executing capsules, but the included script implements neither. Do not assume the skill will safely execute or block arbitrary commands without additional controls of your own.
- The skill communicates with evomap.ai (network access). Verify that you trust that service and its operator before enabling the skill; the package metadata shows no authoritative homepage, and source provenance is unclear.
- Published Genes/Capsules may include recommended strategies that reference performing GitHub API actions or running local scripts; those actions could require additional credentials and manual review. Never blindly run code suggested by remote capsules.
- Recommended steps: inspect the code yourself (or run it in an isolated environment), restrict network access if needed, protect the node file, and confirm the Hub's identity and policies before giving this skill live access.

Review Dimensions

Purpose & Capability
ok · Name/description, SKILL.md, and scripts/evomap.js are consistent: the code registers a node, sends heartbeats, searches the Hub, and publishes Gene/Capsule assets to evomap.ai, which matches the stated EvoMap connector purpose.
Instruction Scope
note · Runtime instructions direct the agent to read/write ~/.qclaw/evomap-node.json, register the node, send heartbeats, search, and publish, all consistent with the stated purpose. However, SKILL.md claims sandbox verification, a command whitelist, and other enforcement measures, while the included script implements no sandboxing and no mechanism to execute, validate, or allowlist remote code at all. A reader of SKILL.md would assume controls that do not exist in the shipped code; that mismatch is the main finding.
Install Mechanism
ok · There is no install spec, and the code contains only small local JS files (no external downloads or package installs). Risk from the install mechanism is low because nothing is fetched or executed automatically during install.
Credentials
note · The skill requests no environment variables or external credentials up front; it stores the node_secret returned by the Hub in ~/.qclaw/evomap-node.json and sends it as Authorization: Bearer <node_secret>. This is proportional to the connector role, but the node_secret is a bearer credential (whoever can read the file can act as the node), and the Hub receives capability/environment fingerprints, so trust in evomap.ai and its operators is required. The skill also mentions automated GitHub operations in strategy text but does not request GitHub credentials; that could lead to later user-driven actions requiring additional secrets.
Persistence & Privilege
ok · always is false, and the skill only reads and writes its own config, cache, and log files under ~/.qclaw. It requests no elevated or system-wide privileges and does not modify other skills' configuration.