← Back to Skills Marketplace
833
Downloads
1
Stars
11
Active Installs
3
Versions
Install in OpenClaw
/install evomap-node-controller
Description
管理 EvoMap 节点的启动、配置和监控。用于在服务器上启动/停止 EvoMap evolver 循环、配置节点 ID,处理节点绑定等。使用场景:用户要求启动/停止 EvoMap 节点、查看节点状态、配置节点 ID、解决节点连接问题。⚠️ 使用前必须配置环境变量。
README (SKILL.md)
EvoMap 节点控制器
管理 EvoMap 节点的启动、配置和监控。
⚠️ 警告:使用前必须配置以下环境变量!
变量配置
| 变量 | 说明 | 示例 |
|---|---|---|
| CENTRAL_IP | 中央服务器 IP | 从配置获取 |
| TOKYO_IP | 东京服务器 IP | 从配置获取 |
| CENTRAL_SSH_KEY | 中央 SSH 密钥路径 | ~/.ssh/id_ed25519 |
| TOKYO_SSH_KEY | 东京 SSH 密钥路径 | ~/.ssh/id_ed25519 |
| NODE_PATH | Node 路径 | ~/.nvm/versions/node/v22.22.0/bin/node |
节点命名
| 代号 | 说明 |
|---|---|
| 深海 | 中央节点 |
| 天空 | 硅谷节点 |
| 泰拉 | 东京节点 |
启动节点
# 深海
ssh -i $CENTRAL_SSH_KEY root@$CENTRAL_IP "cd ~/.openclaw/evolver && A2A_HUB_URL=https://evomap.ai A2A_NODE_ID=\x3Cyour_node_id> nohup $NODE_PATH index.js run --loop > ~/.openclaw/logs/evolver.log 2>&1 &"
# 泰拉
ssh -i $TOKYO_SSH_KEY root@$TOKYO_IP "cd ~/.openclaw/evolver && A2A_HUB_URL=https://evomap.ai A2A_NODE_ID=\x3Cyour_node_id> nohup node index.js run --loop > ~/.openclaw/logs/evolver.log 2>&1 &"
检查节点状态
# 深海
ssh -i $CENTRAL_SSH_KEY root@$CENTRAL_IP "ps aux | grep 'node index.js' | grep -v grep"
# 泰拉
ssh -i $TOKYO_SSH_KEY root@$TOKYO_IP "ps aux | grep 'node index.js' | grep -v grep"
# 天空
ps aux | grep "node index.js" | grep -v grep
停止节点
# 深海
ssh -i $CENTRAL_SSH_KEY root@$CENTRAL_IP "pkill -f 'node index.js'"
# 泰拉
ssh -i $TOKYO_SSH_KEY root@$TOKYO_IP "pkill -f 'node index.js'"
# 天空
pkill -f "node index.js"
常见问题
- 节点离线: 检查 evolver 进程,确认 A2A_NODE_ID 正确
- Claim 无效: 使用 node_id 而非 claim code
- 找不到 node: 使用完整路径
EvoMap 连接
- Hub:
https://evomap.ai - 注册:
POST /a2a/hello
Usage Guidance
不要在信任之前安装或直接运行此技能。主要问题是:
- 代码硬编码了外部 IP(43.163.225.27, 43.167.192.145)和 ~/.ssh 下的特定私钥路径,会尝试用这些私钥以 root 身份通过 SSH 远程执行命令;这可能会使用或泄露你的私钥并在远程机器上执行任意操作。
- SKILL.md 与代码不一致:文档要求环境变量,但代码忽略这些并使用硬编码值。元数据未声明任何必需凭证,但代码会读取本地私钥,这不透明且危险。
建议措施:
- 要求作者解释并移除硬编码的 IP 与私钥路径;改为明确声明并在注册元数据中列出需要的环境变量(例如 SSH_KEY_PATH、CENTRAL_IP),由用户显式提供。
- 要求代码不要默认使用 StrictHostKeyChecking=no 或 root 登录;应让用户确认主机指纹并使用最小权限用户。
- 在受控/隔离环境(例如带网络限制的容器或专用跳板机)中审计并执行代码前,手动审查并测试所有 SSH 命令。
- 若作者无法或不愿改进,避免安装或运行此技能,因为它可能访问你的私钥并在远端以高权限执行命令。
Capability Analysis
Type: OpenClaw Skill
Name: evomap-node-controller
Version: 2.1.0
The skill is classified as suspicious due to its reliance on `child_process.exec` with `shell: true`, which is a common source of shell injection vulnerabilities, even though the current implementation constructs commands from hardcoded values rather than direct user input. It also operates with high privileges, requiring and using `root` access on remote servers via hardcoded SSH keys, which represents a significant security risk if compromised. While these capabilities are plausibly needed for its stated purpose of managing remote nodes, the combination of high privileges and a vulnerable execution pattern without robust input sanitization raises security concerns.
Capability Assessment
Purpose & Capability
技能名/描述表示管理 EvoMap 节点(启动/停止/状态),这本身合理,但 SKILL.md 要求用户配置多项环境变量; package 元数据却声明无必需环境变量;index.js 不使用 SKILL.md 中建议的环境变量,反而硬编码了外部服务器 IP 和 SSH 密钥路径。这不一致表明请求的凭证/访问与声明不匹配。
Instruction Scope
SKILL.md 中示例命令使用环境变量(CENTRAL_IP, TOKYO_SSH_KEY 等),暗示需用户显式提供凭证;但运行时代码直接构造并执行 ssh 命令,读取主机上的特定私钥文件(~/.ssh/id_ed25519_*),并以 root@IP 远程执行命令。代码会访问本地用户私钥路径而未在元数据中声明,这超出了 SKILL.md 与注册信息所揭示的权限边界。
Install Mechanism
无安装规范(instruction-only + 包含代码文件)。没有外部下载/安装脚本,风险较低,但包含能在宿主上直接执行 shell 命令的代码(child_process.exec),因此即便无需安装,也能执行敏感操作。
Credentials
元数据未声明任何必需环境变量或凭证,但 SKILL.md 强烈提示需要多个环境变量且 index.js 会直接访问特定 ~/.ssh 私钥路径。这意味着技能会使用/依赖未声明的秘密(私钥),权限要求与声明不成比例——远超普通“节点控制”技能应有的最小权限声明。
Persistence & Privilege
技能未请求 always:true,也不会修改其他技能配置,但因为代码可在运行时远程以 root 身份执行命令(通过 ssh 使用本地私钥),若允许代理自主调用会有较高的操作权限和潜在破坏面;这一点在本评估中被认为是需要注意但并非单独致命的问题。
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install evomap-node-controller - After installation, invoke the skill by name or use
/evomap-node-controller - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
- Updated documentation for clearer naming: nodes are now referred to as 深海 (central), 天空 (Silicon Valley), and 泰拉 (Tokyo).
- Streamlined instructions and terminology for node start, status checking, and shutdown processes.
- Simplified common issues and troubleshooting section.
- Reduced and clarified EvoMap connection details.
v2.0.0
**Breaking change:** Node configuration now uses environment variables for improved security and flexibility.
- Node setup, SSH keys, and IPs must be set as environment variables before use.
- Removed hardcoded sensitive information from documentation.
- Startup, status, and shutdown commands updated to reference environment variables.
- Added clear security warning about environment variable requirements.
- Documentation streamlined for easier, safer multi-node management.
v1.0.0
evomap-node-controller v1.0.0
- Initial release for managing EvoMap node clusters.
- Provides instructions for starting, stopping, and checking the status of three nodes (Central, Silicon Valley, Tokyo).
- Documents SSH keys, node configuration, and troubleshooting tips.
- Includes example commands for typical node management tasks.
Metadata
Frequently Asked Questions
What is EvoMap Node Controller?
管理 EvoMap 节点的启动、配置和监控。用于在服务器上启动/停止 EvoMap evolver 循环、配置节点 ID,处理节点绑定等。使用场景:用户要求启动/停止 EvoMap 节点、查看节点状态、配置节点 ID、解决节点连接问题。⚠️ 使用前必须配置环境变量。 It is an AI Agent Skill for Claude Code / OpenClaw, with 833 downloads so far.
How do I install EvoMap Node Controller?
Run "/install evomap-node-controller" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is EvoMap Node Controller free?
Yes, EvoMap Node Controller is completely free (open-source). You can download, install and use it at no cost.
Which platforms does EvoMap Node Controller support?
EvoMap Node Controller is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created EvoMap Node Controller?
It is built and maintained by 2233admin (@2233admin); the current version is v2.1.0.
More Skills