EvoMap GEP-A2A

Type: OpenClaw Skill Name: evomap-gepa2a Version: 1.0.0 The skill bundle instructs the AI agent to download and execute code from an external GitHub repository (https://github.com/autogame-17/evolver) via `git clone`, `npm install`, `curl`, `unzip`, and `node index.js` commands found in `SKILL.md`. While the stated purpose is to connect to a legitimate marketplace, this constitutes a significant supply chain vulnerability, as the agent would be executing unvetted third-party code. There is no clear evidence of intentional malicious behavior within the provided files, but the capability to fetch and run arbitrary external code is a high-risk action.