Low Risk — Risk Score 10/100
Last scan: 1 day ago
file-sender
Find and send local files to a chat channel (Telegram, Discord, WhatsApp, Signal, Slack) with age-encrypted credential management
The skill is a legitimate file-sending and credential-management utility with age encryption. All operations are documented, the security model (RAM staging, secure deletion, encrypted-at-rest credentials) is well-designed, and no malicious patterns were found.
Skill Name: file-sender
Duration: 39.4s
Engine: pi
Safe to install
No blocking action needed. Optionally audit the openclaw CLI dependency and restrict the file search scope to ~ or /home to limit exposure to system-wide enumeration.

Findings (1 item)

Severity | Finding | Location
Low | System-wide file enumeration (Sensitive Access) | SKILL.md:38

SKILL.md example shows `find / -name 'filename*' -readable -type f`, which enumerates the entire filesystem. While read-only and permission-filtered, it could touch sensitive system paths like /proc, /sys, /root.
find / -name "filename*" -readable -type f 2>/dev/null
→ Restrict search to user-accessible paths like ~, /home, or /tmp for safer default behavior
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | WRITE | ✓ Aligned | send_file.py:47-57 — stages file to /dev/shm; cred_manager.py:119 — writes decry…
Shell | WRITE | WRITE | ✓ Aligned | send_file.py:82 — subprocess.run(openclaw); cred_manager.py:36,47,67 — subproces…
Network | READ | READ | ✓ Aligned | send_file.py:82 — openclaw message send (outbound messaging only, no inbound fet…
Environment | NONE | NONE | | No os.environ iteration; key path is hardcoded as a path, not env var
Skill Invoke | NONE | NONE | | No recursive skill invocations found

File Tree

4 files · 19.0 KB · 526 lines
Python 2f · 361L Markdown 1f · 160L JSON 1f · 5L
├─ 📁 scripts
│ ├─ 🐍 cred_manager.py Python 246L · 8.4 KB
│ └─ 🐍 send_file.py Python 115L · 3.6 KB
├─ 📋 _meta.json JSON 5L · 141 B
└─ 📝 SKILL.md Markdown 160L · 6.8 KB

Dependencies (3 items)

Package | Version | Source | Known Vulns | Notes
openclaw | unknown | system CLI | No | External CLI dependency — not in requirements.txt; security depends on openclaw's own implementation
age | unknown | system CLI | No | Standard age encryption tool; no known vulnerabilities
age-keygen | unknown | system CLI | No | Part of the age package

Security Positives

✓ No obfuscation: all code is plain-text Python, no base64, no eval/atob
✓ No external network connections: openclaw is the sole outbound channel, called via subprocess
✓ No credential exfiltration: credentials stay encrypted at rest in ~/Documenti/credentials/
✓ Secure memory handling: plaintext decrypted to RAM (/dev/shm), zeroed from memory after use
✓ Secure deletion: plaintext overwritten with zeros + fsync before unlink
✓ Encryption is legitimate: age X25519 + ChaCha20-Poly1305 + Argon2id is a proper modern cipher suite
✓ RAG indexing blacklist: credentials/ explicitly excluded from RAG index
✓ No reverse shell, no C2, no data theft indicators
✓ All subprocess calls are documented and necessary for the feature
✓ File size validation (50 MB Telegram limit) prevents resource exhaustion