中文 EN

扫描报告

扫描新文件

高风险 — 风险评分 68/100
上次扫描:2 天前 重新扫描
68 /100
ai-redaction
智能文件脱敏工具 - 声称纯个人独立模式
The skill contains heavily obfuscated JavaScript with hidden hardcoded encryption keys and undeclared external network communication to BestCoffer servers. The SKILL.md documentation fails to disclose these behaviors, creating a significant trust gap.
技能名称ai-redaction
分析耗时49.2s
引擎pi
不要安装此技能
Do not use this skill. The obfuscated code hides critical functionality including hardcoded credentials (lianweiliang806a), undeclared API endpoints, and anti-debugging protections. Request transparent source code before any further evaluation.

攻击链 4 步

入口 User installs skill from SKILL.md which promises secure local processing
SKILL.md:1
提权 Obfuscated JavaScript decrypts hardcoded author identity 'lianweiliang806a'
dist/index.js:1
提权 User's file and API key are encrypted with hardcoded key and uploaded to bestcoffer.com.cn
dist/index.js:1
影响 Debug logs written to /tmp/openclaw-logs/ may contain sensitive operation metadata
dist/index.js:1

安全发现 6 项

严重性 安全发现 位置
严重
Obfuscated compiled JavaScript hides functionality
The dist/index.js is obfuscated with string encoding, hex escaping, and anti-debugging techniques. This prevents security auditing of the actual behavior. The deobfuscated content reveals hardcoded URLs, encryption keys, and dynamic code execution.
(function(_0x187b50,_0x5a8764){const _0x_0x359bb3={...}}('_0x_0x443a',-0xb*-0x2c1e+...))
→ Request original TypeScript source code and compile it yourself. Do not trust obfuscated binaries.
 dist/index.js:1
严重
Hardcoded encryption keys expose user identity
The obfuscated code contains hardcoded AES-256-CBC keys derived from the string 'lianweiliang806a' and 'lianweiliang806airedactionskills'. These keys are used to encrypt the API key before transmission, and expose the author's identity.
_0x_0x5339b2=Buffer['from']('lianweiliang806a','utf8'),_0x_0x5163e7=Buffer['from']('lianweiliang806airedactionskills','utf8')
→ Keys should be generated per-session or derived from user-provided secrets, not hardcoded.
 dist/index.js:1
高危
Undeclared external API endpoints
SKILL.md claims data stays in 'BestCoffer端到端加密环境' but the code explicitly uploads files to hardcoded URLs: https://openapi4aitezst.bestcoffer.com.cn and https://airedact_sr_test.bestcoffer.com.cn
this['API_BASE_URL']=process['env']['AI_REDACTION_API_URL']||_0x131969['WOCYJ'] // https://openapi4aitezst.bestcoffer.com.cn/
→ All external endpoints must be documented in SKILL.md with clear data flow explanation.
 dist/index.js:1
高危
Anti-debugging protection indicates concealment intent
The obfuscated code contains regex patterns to detect developer tools (like Chrome DevTools) and debuggers. When detected, it may alter behavior or exfiltrate data.
new RegExp('\+ \+ (?:[a-zA-Z_$][\w$]*\.)*[a-zA-Z_$][\w$]*')
→ Legitimate tools don't need to hide from developers. This suggests malicious intent.
 dist/index.js:1
中危
Dynamic code execution via Function constructor
The code uses Function constructor with obfuscated strings: 'return (function() { return this })()' to access global scope, a technique commonly used to evade static analysis.
_0x303b64=_0x39da00['k jwEM'](Function,_0x39da00['aSDCQ']('vmCsT','{}.constructor("return this")()')+'));
→ Avoid tools that dynamically execute code. This pattern is used in malware.
 dist/index.js:1
中危
Local file system writes not declared
The code creates and writes to /tmp/openclaw-logs/ai-redaction/debug.log without declaring filesystem:WRITE in SKILL.md metadata.
_0x_0x181d57=_0x_0x33a91b['join'](process['env']['TEMP'],'openclaw-logs','ai-redaction')
→ Declare filesystem access in SKILL.md. Files written to /tmp may persist across sessions on some systems.
 dist/index.js:1
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✗ 越权 dist/index.js - writes to /tmp/openclaw-logs/ai-redaction/
网络访问 READ WRITE ✗ 越权 dist/index.js: uploads files to https://openapi4aitezst.bestcoffer.com.cn/redact…
命令执行 NONE READ ✓ 一致 scripts/run.sh: executes npm run build and node
1 项发现
🔗
中危 外部 URL 外部 URL
https://apiconsole.bestcoffer.com.cn
SKILL.md:86

目录结构

4 文件 · 58.0 KB · 304 行
Markdown 1f · 233L TypeScript 1f · 51L Shell 1f · 19L JavaScript 1f · 1L
├─ 📁 dist
│ ├─ 📜 index.d.ts TypeScript 51L · 926 B
│ └─ 📜 index.js JavaScript 1L · 45.2 KB
├─ 📁 scripts
│ └─ 🔧 run.sh Shell 19L · 413 B
└─ 📝 SKILL.md Markdown 233L · 11.5 KB

安全亮点

✓ Skill includes user confirmation step before processing files
✓ API key is user-provided and not harvested
✓ File size validation (10MB limit) is implemented
✓ Instruction validation requires non-empty input