Security Decision Report

openclaw-cursor-agent

Skill executes shell commands and writes files for legitimate Cursor CLI task management, but contains dangerous curl|bash installation patterns in documentation that pose supply chain risk if copied.

Install decision first · Source: manual upload · Scan time: 2026/4/3
Files: 26
IOCs: 13
Over-privilege items: 0
Findings: 4

Most direct threat evidence
High
Dangerous curl|bash pattern in documentation

LOCAL_SETUP_GUIDE.md contains 'curl -fsSL https://tailscale.com/install.sh | sh' at line 200. While in documentation, this pattern is a known supply chain attack vector if users copy and execute it.

docs/LOCAL_SETUP_GUIDE.md:200

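Why this conclusion was reached

2 of 4 dimensions triggered

Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are largely consistent.

Block
Hidden execution and outbound connections

3 high-risk IOCs or outbound-connection signals were extracted.

Block
Attack chain and high-risk findings

The report contains a 0-step attack chain, plus 2 high or critical findings.

Review
Dependency and supply-chain hygiene

2 dependency or supply-chain leads that need attention were found.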

How the risk score was raised

curl|bash in documentation +25

docs/LOCAL_SETUP_GUIDE.md:200 contains 'curl -fsSL https://tailscale.com/install.sh | sh' - dangerous remote script execution pattern

curl|bash in archive docs +15

docs/archive/WSL最终落地方案.md:79 contains 'curl https://cursor.com/install -fsS | bash'

Hardcoded IP address +5

docs/LOCAL_SETUP_GUIDE.md:339 references external IP 43.162.108.47 for webhook integration

Shell execution not explicitly declared in SKILL.md +5

SKILL.md tools implicitly require shell:WRITE but don't enumerate allowed-tools

Key evidence

High

Dangerous curl|bash pattern in documentation

LOCAL_SETUP_GUIDE.md contains 'curl -fsSL https://tailscale.com/install.sh | sh' at line 200. While in documentation, this pattern is a known supply chain attack vector if users copy and execute it.

docs/LOCAL_SETUP_GUIDE.md:200
Replace with step-by-step instructions or pinned versioned downloads. Add security warning.

High

Remote script execution in archive documentation

WSL最终落地方案.md contains 'curl https://cursor.com/install -fsS | bash' at line 79. This archives dangerous patterns without context.

docs/archive/WSL最终落地方案.md:79
Remove from archive or add explicit security warnings and version pinning.

Medium

Hardcoded external IP address

LOCAL_SETUP_GUIDE.md references external IP 43.162.108.47 for Feishu webhook configuration. This creates a dependency on external infrastructure.

docs/LOCAL_SETUP_GUIDE.md:339
Use environment variables or placeholder documentation instead of hardcoded IPs.

Low

Shell execution not explicitly enumerated

SKILL.md registers tools that execute shell scripts but does not explicitly declare shell:WRITE in allowed-tools or enumerate the specific scripts being run.

SKILL.md:1
Add explicit allowed-tools declaration to SKILL.md.

Declared vs. actual capabilities

Command execution: Pass
Declared: WRITE
Inferred: WRITE
index.js:271 - spawn() executes shell scripts for task management

File system: Pass
Declared: WRITE
Inferred: WRITE
spawn-cursor.sh:119 - cat > creates task/status/runner files in local directories

Network access: Pass
Declared: NONE
Inferred: NONE
No curl/wget/network calls in executable scripts

Suspicious artifacts and outbound connections

Critical · Dangerous command
curl -fsSL https://tailscale.com/install.sh | sh
docs/LOCAL_SETUP_GUIDE.md:200

Critical · Dangerous command
curl https://cursor.com/install -fsS | bash
docs/archive/WSL最终落地方案.md:79

High · IP address
43.162.108.47
docs/LOCAL_SETUP_GUIDE.md:339

Medium · External URL
https://deb.nodesource.com/setup_22.x
docs/LOCAL_SETUP_GUIDE.md:65

Medium · External URL
https://tailscale.com/install.sh
docs/LOCAL_SETUP_GUIDE.md:200

Medium · External URL
http://100.x.x.x:18789
docs/LOCAL_SETUP_GUIDE.md:239

Medium · External URL
http://你的公网IP:18789
docs/LOCAL_SETUP_GUIDE.md:280

Medium · External URL
https://open.feishu.cn/app/
docs/LOCAL_SETUP_GUIDE.md:326

Medium · External URL
http://43.162.108.47:18789/webhook/feishu
docs/LOCAL_SETUP_GUIDE.md:339

Medium · External URL
http://你的IP:18789/webhook/feishu
docs/LOCAL_SETUP_GUIDE.md:340

Medium · External URL
http://100.x.x.x:18789/webhook/feishu
docs/LOCAL_SETUP_GUIDE.md:343

Medium · External URL
http://你的IP:18789/status
docs/LOCAL_SETUP_GUIDE.md:361

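Dependencies and supply chain

| Package | Version | Source | Vulnerabilities | Notes |
|---|---|---|---|---|
| node | 22.x | external | | Referenced in docs - not pinned |
| tmux | 3.3+ | external | | Required dependency, not a supply chain risk |
| python3 | * | system | | Standard library only |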

File composition

26 files · 3821 lines
Markdown: 14 files · 1649 lines
Shell: 6 files · 1323 lines
JavaScript: 1 file · 721 lines
JSON: 3 files · 98 lines
Ignore: 1 file · 28 lines
Other: 1 file · 2 lines

Files needing attention · 2
docs/LOCAL_SETUP_GUIDE.md Markdown · 576 lines
Dangerous curl|bash pattern in documentation · Hardcoded external IP address · curl -fsSL https://tailscale.com/install.sh | sh · 43.162.108.47 · https://deb.nodesource.com/setup_22.x · https://tailscale.com/install.sh · http://100.x.x.x:18789 · http://你的公网IP:18789 · https://open.feishu.cn/app/ · http://43.162.108.47:18789/webhook/feishu · http://你的IP:18789/webhook/feishu · http://100.x.x.x:18789/webhook/feishu · http://你的IP:18789/status
docs/archive/WSL最终落地方案.md Markdown · 234 lines
Remote script execution in archive documentation · curl https://cursor.com/install -fsS | bash · https://cursor.com/install
Other files · index.js · check-status.sh · spawn-cursor.sh · common.sh · 最终测试报告.md · kill-session.sh +4

Security highlights

No credential harvesting - scripts do not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
No data exfiltration - no network calls from executable scripts to external servers
No base64/eval obfuscation patterns in code
Task files, status files, and logs are stored locally in designated directories
Shell execution is limited to tmux session management and Cursor CLI task execution
Python scripts use safe json/file operations without dangerous patterns