varg-ai 安全扫描报告 — 低风险 | ClawSafe

25 /100

varg-ai

AI video, image, speech, and music generation skill using the varg platform. Supports cloud rendering (curl-only) and local rendering (bun + ffmpeg).

varg-ai is a legitimate AI video/image generation skill with standard shell tooling; the only notable risk is a conditional curl|bash installation prompt not explicitly declared in SKILL.md.

技能名称varg-ai

分析耗时72.7s

引擎pi

✓

可以安装

Consider documenting the bun installation step explicitly in SKILL.md and formally declaring environment:READ for API key detection to close the doc-to-code gap.

安全发现 2 项

严重性	安全发现	位置
低危	Undocumented curl\|bash installation command scripts/setup.sh:187 contains 'curl -fsSL https://bun.sh/install \| bash' as a fallback when bun is not found. This curl\|bash pattern is not mentioned in SKILL.md. Risk is mitigated by being conditional (only fires when bun is missing), using the official bun.sh domain, and shell:WRITE being already declared. No arbitrary code execution beyond a standard tool installer. `curl -fsSL https://bun.sh/install \| bash` → Add to SKILL.md setup section: 'If bun is not found, install it with: curl -fsSL https://bun.sh/install \| bash' or document the alternative package manager approach.	`scripts/setup.sh:187`
低危	Environment variable inspection not formally declared setup.ts checks process.env for VARG_API_KEY, FAL_KEY, FAL_API_KEY, ELEVENLABS_API_KEY, REPLICATE_API_TOKEN, HIGGSFIELD_API_KEY. SKILL.md only declares VARG_API_KEY in metadata.env. The additional key checks are legitimate (BYOK support, Fal.ai integration, ElevenLabs speech) but not declared. `const falKey = checkEnvKey("FAL_KEY") \|\| checkEnvKey("FAL_API_KEY") const elevenKey = checkEnvKey("ELEVENLABS_API_KEY") const replicateKey = checkEnvKey("REPLICATE_API_TOKEN")` → Update metadata.env in SKILL.md to include FAL_KEY, ELEVENLABS_API_KEY, REPLICATE_API_TOKEN, and HIGGSFIELD_API_KEY, or document them in the references/byok.md.	`scripts/setup.ts:76`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`WRITE`	✓ 一致	allowed-tools: Write, Edit for project file creation; mkdir declared in Bash(mkd…
命令执行	`WRITE`	`WRITE`	✓ 一致	allowed-tools: Bash(bun:), Bash(bunx:), Bash(curl:), Bash(mkdir:), Bash(echo…
环境变量	`NONE`	`READ`	✓ 一致	setup.ts:76-81 checks process.env for VARG_API_KEY, FAL_KEY, ELEVENLABS_API_KEY,…
网络访问	`READ`	`READ`	✓ 一致	curl calls to api.varg.ai, app.varg.ai, render.varg.ai are all declared and nece…
技能调用	`NONE`	`NONE`	—	No skill-to-skill invocation observed
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

1 严重 30 项发现

💀

严重危险命令危险 Shell 命令

curl -fsSL https://bun.sh/install | bash

scripts/setup.sh:187

🔗

中危外部 URL 外部 URL

https://app.varg.ai/api/auth/cli/send-otp

SKILL.md:76

🔗

中危外部 URL 外部 URL

https://app.varg.ai/api/auth/cli/verify-otp

SKILL.md:83

🔗

中危外部 URL 外部 URL

https://api.varg.ai/v1/balance

SKILL.md:103

🔗

中危外部 URL 外部 URL

https://app.varg.ai/api/billing/checkout

SKILL.md:134

🔗

中危外部 URL 外部 URL

https://app.varg.ai

SKILL.md:137

🔗

中危外部 URL 外部 URL

https://checkout.stripe.com/...

SKILL.md:140

🔗

中危外部 URL 外部 URL

https://app.varg.ai/dashboard**

SKILL.md:144

🔗

中危外部 URL 外部 URL

https://render.varg.ai/api/render

SKILL.md:173

🔗

中危外部 URL 外部 URL

https://render.varg.ai/api/render/jobs/JOB_ID

SKILL.md:179

🔗

中危外部 URL 外部 URL

https://api.varg.ai/v1/image

SKILL.md:219

🔗

中危外部 URL 外部 URL

https://fal.ai/dashboard/keys

references/byok.md:32

🔗

中危外部 URL 外部 URL

https://elevenlabs.io/app/settings/api-keys

references/byok.md:33

🔗

中危外部 URL 外部 URL

https://higgsfield.ai

references/byok.md:34

🔗

中危外部 URL 外部 URL

https://replicate.com/account/api-tokens

references/byok.md:35

🔗

中危外部 URL 外部 URL

https://api.varg.ai/v1/speech

references/byok.md:60

🔗

中危外部 URL 外部 URL

https://jqlang.github.io/jq/

references/cloud-render.md:121

🔗

中危外部 URL 外部 URL

https://s3.varg.ai/renders/xxx.mp4

references/cloud-render.md:137

🔗

中危外部 URL 外部 URL

https://render.varg.ai/api/render/jobs/JOB_ID/stream

references/cloud-render.md:162

🔗

中危外部 URL 外部 URL

https://s3.varg.ai/logos/brand.png

references/components.md:427

🔗

中危外部 URL 外部 URL

https://api.varg.ai/v1

references/gateway-api.md:16

🔗

中危外部 URL 外部 URL

https://s3.varg.ai/uploads/character.png

references/gateway-api.md:57

🔗

中危外部 URL 外部 URL

https://s3.varg.ai/o/abc123.mp4

references/gateway-api.md:141

🔗

中危外部 URL 外部 URL

https://render.varg.ai

references/gateway-api.md:263

🔗

中危外部 URL 外部 URL

https://s3.varg.ai/renders/1710345600_abc123.mp4

references/gateway-api.md:314

🔗

中危外部 URL 外部 URL

https://s3.varg.ai/cache/def456.png

references/gateway-api.md:317

🔗

中危外部 URL 外部 URL

https://s3.varg.ai/clients/birthday/portrait.jpg

references/recipes.md:300

🔗

中危外部 URL 外部 URL

https://render.varg.ai/api/render/jobs/$JOB_ID

references/templates.md:72

🔗

中危外部 URL 外部 URL

https://bun.sh/install

scripts/setup.sh:187

🔗

中危外部 URL 外部 URL

https://api.varg.ai

scripts/setup.ts:17

目录结构

13 文件 · 122.5 KB · 3833 行

Markdown 11f · 3397L TypeScript 1f · 233L Shell 1f · 203L

├─ ▾ 📁 references

│ ├─ 📝 byok.md Markdown 182L · 6.5 KB

│ ├─ 📝 cloud-render.md Markdown 166L · 4.6 KB

│ ├─ 📝 common-errors.md Markdown 290L · 9.5 KB

│ ├─ 📝 components.md Markdown 459L · 13.1 KB

│ ├─ 📝 gateway-api.md Markdown 459L · 9.8 KB

│ ├─ 📝 local-render.md Markdown 148L · 4.4 KB

│ ├─ 📝 models.md Markdown 279L · 10.1 KB

│ ├─ 📝 prompting.md Markdown 270L · 10.8 KB

│ ├─ 📝 recipes.md Markdown 353L · 12.6 KB

│ └─ 📝 templates.md Markdown 490L · 14.2 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 setup.sh Shell 203L · 7.0 KB

│ └─ 📜 setup.ts TypeScript 233L · 7.7 KB

└─ 📝 SKILL.md Markdown 301L · 12.2 KB

安全亮点

✓ API keys are never written to bash commands as raw values — always referenced via $VARG_API_KEY variable substitution

✓ Credentials file is written with chmod 600 (owner read/write only)

✓ No credential exfiltration — ~/.varg/credentials is only read to authenticate against varg.ai's own gateway

✓ Gateway API calls use Bearer token auth only — no API keys in URL parameters

✓ Uses grep -o to parse JSON responses instead of requiring jq dependency

✓ set -euo pipefail in setup.sh for strict error handling

✓ AbortSignal.timeout(5000) on fetch calls to prevent indefinite hangs

✓ Skill uses documented varg.ai platform endpoints (app.varg.ai, api.varg.ai, render.varg.ai)

✓ OTPs are sent via email — no password-based auth flow that could be replayed

✓ No access to ~/.ssh, ~/.aws, .env secrets, or other sensitive host paths

✓ No base64-encoded payloads, eval patterns, or obfuscated code

✓ No clipboard, database, or browser automation capabilities requested