中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:19 小时前 重新扫描
5 /100
agent-profile-images
Agent Profile Images for OpenClaw Control UI — upload custom avatars, generate themed AI profile images
This is a legitimate UI feature package for agent profile images containing only documentation and TypeScript reference implementations. The flagged base64 decode is standard API response handling (OpenAI b64_json), all functionality is documented, and no malicious behavior is present.
技能名称agent-profile-images
分析耗时35.2s
引擎pi
可以安装
No action required. The skill is safe for use.
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 Avatar files written to agent workspace avatars/ directory
网络访问 READ READ ✓ 一致 Calls OpenAI API https://api.openai.com/v1/images/generations
命令执行 NONE NONE No shell execution found
环境变量 NONE READ ✓ 一致 Reads API keys from env (ANTHROPIC_API_KEY, OPENAI_API_KEY) - necessary for feat…
1 严重 2 项发现
🔒
严重 编码执行 Base64 编码执行(代码混淆)
Buffer.from(b64, "base64"
references/src-gateway-server-methods-agents-ts.txt:534
🔗
中危 外部 URL 外部 URL
https://docs.openclaw.ai
references/ui-src-ui-app-render-ts.txt:603

目录结构

17 文件 · 409.8 KB · 11567 行
Text 16f · 11446L Markdown 1f · 121L
├─ 📁 references
│ ├─ 📄 src-gateway-method-scopes-ts.txt Text 242L · 6.0 KB
│ ├─ 📄 src-gateway-protocol-index-ts.txt Text 728L · 23.9 KB
│ ├─ 📄 src-gateway-protocol-schema-agent-ts.txt Text 138L · 4.8 KB
│ ├─ 📄 src-gateway-protocol-schema-agents-models-skills-ts.txt Text 312L · 7.6 KB
│ ├─ 📄 src-gateway-protocol-schema-protocol-schemas-ts.txt Text 309L · 10.8 KB
│ ├─ 📄 src-gateway-protocol-schema-types-ts.txt Text 149L · 9.2 KB
│ ├─ 📄 src-gateway-server-methods-agent-ts.txt Text 771L · 26.6 KB
│ ├─ 📄 src-gateway-server-methods-agents-ts.txt Text 1248L · 41.1 KB
│ ├─ 📄 src-gateway-server-methods-list-ts.txt Text 166L · 3.5 KB
│ ├─ 📄 src-gateway-session-utils-ts.txt Text 1035L · 31.8 KB
│ ├─ 📄 ui-src-ui-app-render-ts.txt Text 3270L · 138.6 KB
│ ├─ 📄 ui-src-ui-app-ts.txt Text 963L · 33.9 KB
│ ├─ 📄 ui-src-ui-app-view-state-ts.txt Text 622L · 19.6 KB
│ ├─ 📄 ui-src-ui-types-ts.txt Text 691L · 15.7 KB
│ ├─ 📄 ui-src-ui-views-agents-panels-overview-ts.txt Text 293L · 12.1 KB
│ └─ 📄 ui-src-ui-views-agents-ts.txt Text 509L · 20.6 KB
└─ 📝 SKILL.md Markdown 121L · 3.8 KB

安全亮点

✓ All functionality clearly documented in SKILL.md
✓ Proper path guards prevent directory traversal attacks
✓ File writes restricted to agent workspace directory
✓ Image size validation (2MB limit) prevents DoS
✓ API key access is scoped to OpenAI/Anthropic for avatar generation only
✓ No shell execution or subprocess calls
✓ No credential exfiltration - keys used only for intended API calls
✓ Base64 usage is standard API pattern for image data transfer
✓ Proper input validation and sanitization throughout