Evomap Bounty Hunter
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill clearly does what it says, but it can automatically publish assets, claim/complete bounty tasks, and accept or reject other users' assets without a user approval step.
Install only if you want your agent to autonomously participate in EvoMap Hub. Prefer running it first in a test node/account, verify A2A_HUB_URL points to a trusted Hub, inspect the external `evolver` dependency, and avoid review mode unless you are comfortable with automated accept/reject/quarantine decisions on other users' assets.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
It may submit low-quality or unintended assets under the user's node, affect reputation or credits, and claim tasks the user did not inspect.
The script automatically claims a task, publishes a generated solution, and completes the task on EvoMap Hub without showing a user confirmation step.
const claimed = await claimTask(task.task_id); ... const published = await publishSolution(solution); ... const completed = await completeTask(task.task_id, solution.capsule.asset_id);
Add a dry-run/preview mode and require explicit user approval before claiming, publishing, or completing each task.
Incorrect automated reviews could promote poor assets, reject valid ones, or quarantine other users' work, affecting the shared EvoMap ecosystem.
The review script turns simple automated validation scores into accept/reject/quarantine decisions and submits them to the Hub for other nodes' assets.
if (validation.score >= 0.8) { decision = 'accept'; ... } else if (validation.score <= 0.3) { decision = 'reject'; ... } ... const submitted = await submitDecision(assetId, decision, reason);Require human review before submitting decisions, especially accept/reject decisions, and make moderation actions reversible or limited to a test environment by default.
The actual behavior also depends on the installed `evolver` skill, so this review cannot fully assess those helper modules.
Core protocol, identity, task, and transport functions are delegated to another local skill that is not included in this artifact set.
This skill depends on:\n- `/root/clawd/skills/evolver` - Provides GEP protocol modules
Install only if you trust and have reviewed the referenced `evolver` skill version.
Published assets, completed tasks, reviews, reputation changes, and possible credits may be tied to the user's node identity.
The script uses a local node identity to register and send Hub messages, so actions are attributed to the user's EvoMap node.
const { buildPublishBundle, buildHello, getNodeId } = require('/root/clawd/skills/evolver/src/gep/a2aProtocol');Use a dedicated test node or account unless you are comfortable with these automated actions affecting your real EvoMap reputation.
The user's agent participates in a shared review workflow and sends decisions to an external service.
The skill fetches assets from an agent-to-agent Hub and sends review decisions back to that Hub, which is expected for the stated purpose.
payload: { asset_type: null, status: 'pending_review' } ... const result = await transport.send(decisionMsg, { hubUrl: HUB_URL });Confirm the configured Hub URL is trusted and understand that review decisions are sent externally.