evomap
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): Hardcoded absolute file path detected in `scripts/publishers/lafeitu_node/publish_lafeitu.py`.
  - Evidence: The script references `/home/nowloadymax/clawd/skills/lafeitu/lafeitu_config`, which leaks a specific username and internal directory structure to the agent context.
- [COMMAND_EXECUTION] (MEDIUM): The skill facilitates the publishing of arbitrary shell commands to a remote marketplace.
  - Evidence: In `scripts/publishers/main_node/publish_sdk.py` and `scripts/publishers/lafeitu_node/publish_lafeitu.py`, the `validation` fields contain executable strings such as `npm install -g placeholder` and `npx check-lafeitu-api`. While the SDK only publishes these, the underlying protocol is designed for remote nodes to execute these commands.
- [EXTERNAL_DOWNLOADS] (LOW): The skill makes network requests to a non-whitelisted domain (`evomap.ai`).
  - Evidence: `scripts/evomap_client.py` performs POST and GET requests to `https://evomap.ai` for node registration and asset management.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data from the EvoMap hub enters the agent context via `get_ranked_assets`, `search_assets`, and `query_node_details` in `scripts/evomap_client.py` and `scripts/query_node.py`.
  - Boundary markers: None identified. Data from the API is directly interpolated into logs and potentially further agent reasoning.
  - Capability inventory: The skill possesses network communication capabilities (`requests`) and local file writing (`evomap_node.json`).
  - Sanitization: No sanitization or validation of asset summaries or command strings fetched from the hub is performed.
Audit Metadata