AI Cluster Pre-flight Check 安全扫描报告 — 低风险 | ClawSafe

10 /100

AI Cluster Pre-flight Check

Pre-flight check for GPU cluster nodes — 26 health checks covering GPU, PCIe, RDMA/IB, Docker, IOMMU, NUMA, firewall, and more

AI Cluster Pre-flight Check is a legitimate GPU cluster node health validation tool performing 26 read-only hardware/network diagnostics. No malicious behavior, credential harvesting, or covert data exfiltration found.

技能名称AI Cluster Pre-flight Check

分析耗时54.4s

引擎pi

✓

可以安装

No blocking action needed. The eval in check_1_25 should be documented explicitly, and dmidecode/iptables root requirements should be stated in SKILL.md for transparency.

安全发现 2 项

严重性	安全发现	位置
低危	eval on user-supplied SWITCH_CLI_CMD not declared 文档欺骗 check_1_25 uses eval to execute SWITCH_CLI_CMD directly from the environment. While this is user-supplied input (not injection), SKILL.md documents the SWITCH_* env vars as 'switch CLI command' without explicitly calling out the eval usage or potential for arbitrary command execution if the variable is set to unexpected values. `eval "$SWITCH_CLI_CMD"` → Document in SKILL.md that SWITCH_CLI_CMD is executed via eval; recommend using SWITCH_HOST + SWITCH_USER for safer SSH-based switch access instead.	`lib/checks.sh:272`
低危	Root privilege requirements not declared 文档欺骗 Several checks invoke commands that typically require root (dmidecode, iptables, setpci, ibstat, perfquery, mlxlink). SKILL.md does not document that root or sudo access is needed for full coverage. `dmidecode -t bios 2>/dev/null \| head -30` → Add a 'Requirements' section noting that root privileges are needed for checks 1.14, 1.16, 1.19, 1.20, 1.21 to pass fully.	`lib/checks.sh:213`

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares 'bash' as required binary; preflight.sh uses bash to invoke GP…
文件系统	`READ`	`READ`	✓ 一致	Reads /proc/cmdline, /sys/class/net, /sys/class/infiniband, /sys/module; touch/r…
网络访问	`READ`	`READ`	✓ 一致	Cross-node SSH and ping checks declared in SKILL.md; cross-node section of check…
环境变量	`NONE`	`READ`	✓ 一致	Reads PREFLIGHT_, MOUNT_POINT, SWITCH_ env vars — all declared in SKILL.md env…
剪贴板	`NONE`	`NONE`	—	Not used
浏览器	`NONE`	`NONE`	—	Not used
数据库	`NONE`	`NONE`	—	Not used
技能调用	`NONE`	`NONE`	—	Not used

3 项发现

🔗

中危外部 URL 外部 URL

https://clusterready.xperf.ai/

SKILL.md:19

🔗

中危外部 URL 外部 URL

https://xperf.ai/

SKILL.md:24

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:138

目录结构

5 文件 · 30.7 KB · 957 行

Shell 4f · 819L Markdown 1f · 138L

├─ ▾ 📁 lib

│ ├─ 🔧 checks.sh Shell 443L · 12.9 KB

│ ├─ 🔧 helpers.sh Shell 58L · 2.0 KB

│ └─ 🔧 parser.sh Shell 112L · 3.9 KB

├─ 🔧 preflight.sh Shell 206L · 6.3 KB

└─ 📝 SKILL.md Markdown 138L · 5.5 KB

安全亮点

✓ No credential harvesting — does not access ~/.ssh, ~/.aws, .env, or iterate os.environ for secrets

✓ No data exfiltration — all output is diagnostic; JSON results printed to stdout for the calling agent

✓ No obfuscation — all shell scripts are plain text, no base64, no eval-of-encoded strings

✓ Docker pulls from official nvidia/cuda and rocm/rocm-terminal images — known-good sources

✓ Cross-node capabilities (SSH, ping) are explicitly declared in the check catalog and documentation

✓ Skippable failure classification is a thoughtful UX feature that reduces false positives

✓ No remote script execution (no curl|bash, wget|sh patterns)

✓ No supply chain risks — no external dependencies beyond bash, jq, and system tools