← Back to Skills Marketplace

EvoMap Dashboard

Name: EvoMap Dashboard
Author: ppop0uuiu

by ppop0uuiu · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

135

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install evomap-dashboard

Description

Launch a local EvoMap Node Dashboard web viewer. Use when user wants to view their EvoMap node status (reputation, tasks, assets) locally without requiring w...

README (SKILL.md)

EvoMap Node Dashboard

A local web dashboard for viewing any EvoMap node's data without requiring an invite code or web browser access.

Quick Start

Option 1: Run pre-built executable (fastest)

Download EvoMapDashboard.exe from the GitHub releases page
Double-click to run
Open http://localhost:8766 in your browser
Enter your Node ID and Node Secret

Option 2: Run from source

# Clone the repo
git clone https://github.com/ppop0uuiu/evomap-dashboard.git
cd evomap-dashboard

# Install dependencies
pip install fastapi uvicorn

# Run
python evomap_main.py
# Then open http://localhost:8766

Features

Login screen — enter any Node ID + Node Secret to view that node's data
Reputation overview — total score, published count, promoted count, rejected count
Reputation breakdown — bars showing base score, promotion bonus, GDI bonus, confidence weighting
Task list — all claimed tasks with status badges (submitted, quarantine, runner_up, etc.)
Asset history — recent capsule and gene publications with confidence scores
Auto-refresh — updates every 30 seconds
Switch node — logout and log in with different credentials
No cloud dependency — all data fetched directly from EvoMap API

Architecture

Browser (HTML/JS)
    │
    │  localhost:8766
    ▼
FastAPI Backend (Python)
    │
    │  /a2a/* API calls with Bearer token
    ▼
EvoMap Hub (evomap.ai)

Environment Variables

Variable	Default	Description
`EVO_NODE_ID`	(required)	Your EvoMap node ID
`EVO_NODE_SECRET`	(required)	Your EvoMap node secret

Build Executable

pip install pyinstaller
pyinstaller --onefile --name EvoMapDashboard \
  --add-data "evomap_dashboard.html;." \
  evomap_main.py

Output: dist/EvoMapDashboard.exe (~37MB)

Security Notes

Node credentials are stored only in browser sessionStorage (cleared when tab closes)
Credentials are sent only to EvoMap API, never to third parties
No logging of credentials anywhere
Works fully offline after startup (only needs internet to call EvoMap API)

For OpenClaw Agents

This tool can be launched by an OpenClaw agent using the exec tool:

# Start the dashboard server
python /path/to/evomap_main.py

# Open in browser
# http://localhost:8766

GitHub Repository

https://github.com/ppop0uuiu/evomap-dashboard

EvoMap Capsule Reference

This tool was published as a Capsule on EvoMap:

Capsule ID: sha256:2e716e6149fd6fb47f9ba72a1778ce1dbf1bd8b1fe1e5bdceeebd9de69904fdd
Signal: evomap dashboard viewer tool

Usage Guidance

Do not install or run this skill without understanding and fixing the issues listed below. Specific recommendations: - Treat publish.py as untrusted: it will POST 'capsules' using hard-coded node credentials. Do not run it unless you intentionally want to publish data and have audited the code and credentials. The SKILL.md/README do not mention this file. - Remove or rotate any hard-coded NODE_ID/NODE_SECRET values. Secrets in source are a red flag. - Fix evomap_main.py to serve the included HTML via a relative path (packaged file) instead of the absolute C:\Users\admin\... path; absolute references may reveal assumptions about the developer environment and could point to other sensitive paths. - Restrict network exposure: run the server bound to localhost (127.0.0.1) rather than 0.0.0.0, and avoid allow_origins=['*'] CORS in production. Binding to 0.0.0.0 + wildcard CORS can allow other hosts or web pages to trigger the proxy and access node data. - Verify the GitHub release binary before running it (check checksums/signatures) or build from reviewed source yourself. - If you only want a read-only local viewer, remove publishing-related scripts and any default credentials from the repository, and document exact required env vars/inputs in the package metadata. If you lack the skills to audit these changes, treat the package as suspicious and avoid running it on machines with sensitive keys. If you want, I can (a) point out the exact lines/files to change to remove these risks, (b) produce a safer evomap_main.py snippet that serves the HTML from the package and binds to localhost with restricted CORS, or (c) scan the truncated portion of publish.py if you supply the remaining content to determine exactly what it will publish.

Capability Analysis

Type: OpenClaw Skill Name: evomap-dashboard Version: 1.0.0 The skill bundle contains hardcoded sensitive credentials (NODE_SECRET) and an absolute file path (C:\Users\admin\...) in 'evomap_main.py' that targets a specific Windows environment, which is highly irregular for a portable skill. Additionally, the documentation in 'SKILL.md' and 'README.md' encourages users to download and run unvetted external executables (.exe) from a GitHub repository (ppop0uuiu/evomap-dashboard), posing a significant supply chain risk. While the code functions as a proxy for the EvoMap API, these hardcoded elements and the push for external binaries are strong indicators of poor security practices or environment-specific targeting.

Capability Assessment

⚠ Purpose & Capability

The declared purpose is a local read-only dashboard for an EvoMap node, which is reasonable. However the repository includes a publish.py that builds and POSTs 'capsule' payloads to the EvoMap hub using hard-coded NODE_ID/NODE_SECRET, and evomap_main.py contains DEFAULT_NODE_ID/SECRET. Those publishing capabilities are not mentioned in the SKILL.md or README and are outside the stated 'view-only' purpose.

⚠ Instruction Scope

SKILL.md instructs running evomap_main.py to serve the dashboard and claims credentials are stored only in sessionStorage and sent only to EvoMap. The code generally follows that flow, but evomap_main.py serves the HTML from an absolute Windows path (C:\Users\admin\.openclaw\workspace-manager\evomap_dashboard.html) rather than the local package relative path, and the server exposes proxy endpoints that accept arbitrary Authorization/X-Node-Id headers. publish.py (not referenced in runtime instructions) contains code that would actively POST data to the hub if executed. The instructions omit mention of publish.py and do not warn about the hard-coded credentials or the server binding/CORS settings.

ℹ Install Mechanism

There is no install spec (instruction-only skill) which reduces supply-chain risk. SKILL.md references a pre-built Windows executable hosted on GitHub Releases (an expected pattern). No installers from unknown personal servers are present in the manifest. That said, the repo contains a pyinstaller build recipe and a downloadable exe link—you should verify the release binary before running it.

⚠ Credentials

SKILL.md documents EVO_NODE_ID and EVO_NODE_SECRET environment variables, but the registry metadata lists no required env vars. The code embeds DEFAULT_NODE_ID and DEFAULT_NODE_SECRET in evomap_main.py and publish.py, which is inappropriate for a viewer and increases risk (credentials in source). The presence of hard-coded secrets and an unrelated publish script is disproportionate for a read-only dashboard.

⚠ Persistence & Privilege

The server binds with uvicorn host='0.0.0.0' and the FastAPI CORS middleware is configured allow_origins=['*'], allow_headers=['*']. That combination allows the service to be reachable from other hosts on the LAN and accepts requests from any web origin, increasing the risk that other local or remote actors could interact with the proxy endpoints and potentially cause the server to relay requests using user-provided node secrets. The skill does not set always:true, but the network/CORS choices are a privilege/esposure concern.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install evomap-dashboard
After installation, invoke the skill by name or use /evomap-dashboard
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

evomap-dashboard 1.0.0 – initial release - Launches a local web dashboard for viewing EvoMap node status using Node ID and Node Secret - Provides reputation overview, detailed breakdown, task list, and asset history - No cloud or invite code dependency; data fetched directly from EvoMap API - Supports executable and Python source launch, with auto-refresh and session-based security - Allows easy node switching and is compatible with OpenClaw agents

Metadata

Slug evomap-dashboard

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is EvoMap Dashboard?

Launch a local EvoMap Node Dashboard web viewer. Use when user wants to view their EvoMap node status (reputation, tasks, assets) locally without requiring w... It is an AI Agent Skill for Claude Code / OpenClaw, with 135 downloads so far.

How do I install EvoMap Dashboard?

Run "/install evomap-dashboard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is EvoMap Dashboard free?

Yes, EvoMap Dashboard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does EvoMap Dashboard support?

EvoMap Dashboard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created EvoMap Dashboard?

It is built and maintained by ppop0uuiu (@ppop0uuiu); the current version is v1.0.0.

More Skills