Security Decision Report

ai-redaction

The skill contains heavily obfuscated JavaScript with hidden hardcoded encryption keys and undeclared external network communication to BestCoffer servers. The SKILL.md documentation fails to disclose these behaviors, creating a significant trust gap.

Install decision first · Source: manual upload · Scan time: 2026/4/3
Files 4
IOC 1
Out-of-scope items 2
Findings 6
Most direct threat evidence
Critical
Obfuscated compiled JavaScript hides functionality

The dist/index.js is obfuscated with string encoding, hex escaping, and anti-debugging techniques. This prevents security auditing of the actual behavior. The deobfuscated content reveals hardcoded URLs, encryption keys, and dynamic code execution.

dist/index.js:1

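Why this conclusion was reached

2 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or out-of-scope behaviors beyond what is declared.

Review
Hidden execution and external connections

Extracted 1 general-risk artifact; it needs to be judged in context.

Block
Attack chain and high-severity findings

The report contains a 4-step attack chain, plus 4 high or critical findings.

Review
Dependency and supply-chain hygiene

No complete dependency information is available, so the supply-chain assessment should remain tentative.

Attack chain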

01
User installs skill from SKILL.md which promises secure local processing

Initial entry · SKILL.md:1

02
Obfuscated JavaScript decrypts hardcoded author identity 'lianweiliang806a'

recon · dist/index.js:1

03
User's file and API key are encrypted with hardcoded key and uploaded to bestcoffer.com.cn

Privilege escalation · dist/index.js:1

04
Debug logs written to /tmp/openclaw-logs/ may contain sensitive operation metadata

Final impact · dist/index.js:1

How the risk score was raised

Obfuscated JavaScript with hidden functionality +25

dist/index.js is obfuscated using string encoding and control flow flattening. Behavior cannot be audited.

Hardcoded encryption keys with user identifier +20

AES-256-CBC keys embedded as 'lianweiliang806a' and 'lianweiliang806airedactionskills' expose author identity

Undeclared external network endpoints +15

SKILL.md does not mention hardcoded URLs to openapi4aitezst.bestcoffer.com.cn

Anti-debugging protections +8

Code contains detection for development tools and debugger breakpoints

Key evidence

Critical

Obfuscated compiled JavaScript hides functionality

The dist/index.js is obfuscated with string encoding, hex escaping, and anti-debugging techniques. This prevents security auditing of the actual behavior. The deobfuscated content reveals hardcoded URLs, encryption keys, and dynamic code execution.

dist/index.js:1
Request original TypeScript source code and compile it yourself. Do not trust obfuscated binaries.
Critical

Hardcoded encryption keys expose user identity

The obfuscated code contains hardcoded AES-256-CBC keys derived from the strings 'lianweiliang806a' and 'lianweiliang806airedactionskills'. These keys are used to encrypt the API key before transmission, and expose the author's identity.

dist/index.js:1
Keys should be generated per-session or derived from user-provided secrets, not hardcoded.
High

Undeclared external API endpoints

SKILL.md claims data stays in 'BestCoffer端到端加密环境' ("BestCoffer end-to-end encrypted environment"), but the code explicitly uploads files to hardcoded URLs: https://openapi4aitezst.bestcoffer.com.cn and https://airedact_sr_test.bestcoffer.com.cn

dist/index.js:1
All external endpoints must be documented in SKILL.md with clear data flow explanation.
High

Anti-debugging protection indicates concealment intent

The obfuscated code contains regex patterns to detect developer tools (like Chrome DevTools) and debuggers. When detected, it may alter behavior or exfiltrate data.

dist/index.js:1
Legitimate tools don't need to hide from developers. This suggests malicious intent.
Medium

Dynamic code execution via Function constructor

The code uses Function constructor with obfuscated strings: 'return (function() { return this })()' to access global scope, a technique commonly used to evade static analysis.

dist/index.js:1
Avoid tools that dynamically execute code. This pattern is used in malware.
Medium

Local file system writes not declared

The code creates and writes to /tmp/openclaw-logs/ai-redaction/debug.log without declaring filesystem:WRITE in SKILL.md metadata.

dist/index.js:1
Declare filesystem access in SKILL.md. Files written to /tmp may persist across sessions on some systems.

Declared vs. actual capabilities

Filesystem: Block
Declared: NONE
Inferred: WRITE
dist/index.js - writes to /tmp/openclaw-logs/ai-redaction/
Network access: Block
Declared: READ
Inferred: WRITE
dist/index.js: uploads files to https://openapi4aitezst.bestcoffer.com.cn/redaction/upload
Command execution: Pass
Declared: NONE
Inferred: READ
scripts/run.sh: executes npm run build and node

Suspicious artifacts and external connections

Medium · External URL
https://apiconsole.bestcoffer.com.cn

SKILL.md:86

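Dependencies and supply chain

No structured dependency alerts.

File composition

4 files · 304 lines
Markdown 1 file · 233 lines
TypeScript 1 file · 51 lines
Shell 1 file · 19 lines
JavaScript 1 file · 1 line
Files needing attention · 2
dist/index.js JavaScript · 1 line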
Obfuscated compiled JavaScript hides functionality · Hardcoded encryption keys expose user identity · Undeclared external API endpoints · Anti-debugging protection indicates concealment intent · Dynamic code execution via Function constructor · Local file system writes not declared
SKILL.md Markdown · 233 lines
https://apiconsole.bestcoffer.com.cn
Other files · index.d.ts · run.sh

Security highlights

Skill includes user confirmation step before processing files
API key is user-provided and not harvested
File size validation (10MB limit) is implemented
Instruction validation requires non-empty input