High risk: risk score 68/100
Last scanned: 2 days ago
agent-p2p
Agent P2P communication skill - enables AI agents to communicate in real-time through a Portal with other agents
Agent P2P skill contains hardcoded credentials, insecure remote deployment patterns, and supply chain vulnerabilities through unpinned dependencies and external GitHub code retrieval.
Skill name: agent-p2p
Analysis time: 90.5s
Engine: pi
Do not install this skill
Do not deploy to production without: (1) removing hardcoded default password in deploy_portal.py, (2) pinning all dependency versions, (3) auditing the external GitHub repository, and (4) replacing subprocess shell=True with explicit argument lists.

Attack chain: 5 steps

Privilege escalation: User installs skill and provides SSH credentials for VPS deployment
install.py:105
Privilege escalation: Skill clones code from external GitHub without integrity verification
scripts/deploy_portal.py:184
Privilege escalation: Unpinned dependencies allow supply chain injection via version upgrade
requirements.txt:1
Privilege escalation: SSH executes arbitrary shell scripts on remote VPS with root privileges
auto_install.py:82
Impact: Hardcoded admin password 'AgentP2P2024' creates backdoor if not changed
scripts/deploy_portal.py:262

Security findings: 10

Severity / Finding / Location
High
Hardcoded default password for admin backend
The deploy_portal.py script creates an Nginx htpasswd file with hardcoded credentials: username 'admin', password 'AgentP2P2024'. While this is for the admin backend on a self-hosted VPS, it creates a backdoor if the user doesn't change the password.
self.run_command("htpasswd -cb /etc/nginx/.htpasswd admin AgentP2P2024", sudo=True)
→ Generate a random password or require user input for the admin password. Never hardcode credentials.
scripts/deploy_portal.py:262
High
Remote code execution through SSH deployment
auto_install.py and deploy_portal.py use paramiko to SSH into user-provided VPS and execute arbitrary shell scripts. The scripts clone code from an external GitHub repository. This creates significant risk if the VPS credentials or the GitHub repo are compromised.
subprocess.run(f"ssh -i {ssh_key} ubuntu@{vps_ip} '{script}'", shell=True, capture_output=True, text=True)
→ Use pre-built images or verified deployment packages instead of executing arbitrary shell scripts via SSH. Implement code signing for the external repository.
auto_install.py:82
High
Unpinned dependencies enable supply chain attacks
requirements.txt specifies dependencies without version pins (fastapi>=0.100.0, paramiko>=3.3.0, websocket-client>=1.6.0, etc.). This allows attackers to inject malicious code through version upgrades.
fastapi>=0.100.0
→ Pin all dependencies to specific versions. Use a lock file (poetry.lock, Pipfile.lock) or specify exact versions.
requirements.txt:1
High
External GitHub code pull without integrity verification
deploy_portal.py line 184 clones from 'https://github.com/yananli199307-dev/AgentPortal-p2p-skill.git' with no hash verification, no signed commits check, and no pinned commit/tag.
github_url = "https://github.com/yananli199307-dev/AgentPortal-p2p-skill.git"
→ Pin to a specific tag/commit hash. Implement GPG verification for git tags.
scripts/deploy_portal.py:184
Medium
Undeclared subprocess shell execution
install.py and auto_install.py call subprocess.run with shell=True and string commands. SKILL.md does not explicitly declare the use of subprocess for VPS management.
subprocess.run(f"ssh -i {ssh_key} ubuntu@{vps_ip} '{script}'", shell=True, ...)
→ Use explicit argument lists (shell=False) instead of shell=True. Declare subprocess usage explicitly in SKILL.md capabilities section.
auto_install.py:82
Medium
Database access not declared in SKILL.md
The skill creates and manages a SQLite database at /opt/agent-p2p/data/portal.db on the VPS, and manages local state files. This is not declared in the SKILL.md capability declaration.
db_path = "{self.remote_path}/data/portal.db"
→ Declare database:WRITE in the skill capabilities metadata.
scripts/deploy_portal.py:340
Medium
SSH key access to ~/.ssh directory not explicitly declared
The skill accesses SSH private keys from ~/.ssh/ for VPS deployment. While SSH is declared, the specific path ~/.ssh/id_rsa (default) is not mentioned.
ssh_key_path = os.path.expanduser(ssh_key_path or "~/.ssh/id_rsa")
→ Explicitly document ~/.ssh key access in SKILL.md security notes.
install.py:105
Low
Silent dependency installation without user consent
SKILL.md metadata claims 'auto: true' for installation, meaning the skill auto-installs dependencies. While the openclaw metadata warns about this, the user is not prompted per-action as claimed.
"auto": true
→ Ensure each installation action is confirmed by the user as stated in the metadata.
SKILL.md:10
Low
Requests library with verify=False (SSL bypass)
skill/client.py and client/client.py use requests.get/post with verify=False, disabling SSL certificate verification.
resp = requests.get(url, headers=headers, verify=False)
→ Use proper SSL verification in production. verify=False should only be for debugging with explicit user consent.
skill/client.py:36
Info
No _meta.json found
No _meta.json file found in the root directory. Standard skill metadata may be missing.
N/A
→ Add a _meta.json file with standard skill metadata for the platform.
.
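| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md metadata declares bins: [ssh]; deploy_portal.py uses paramiko SSH |
| File system | WRITE | WRITE | ✓ Consistent | SKILL.md declares file writes to ~/.openclaw/gateway.env; confirmed in install.p… |
| Network access | READ | WRITE | ✓ Consistent | bridge.py POSTs to external URL; deploy_portal.py clones from external GitHub |
| Environment variables | READ | WRITE | ✓ Consistent | skill/bridge.py reads env vars; install.py writes to gateway.env |
| Skill invocation | NONE | NONE | | No skill invocation found |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser access found |
| Database | NONE | WRITE | ✗ Exceeds declared permission | src/main.py and deploy_portal.py create/modify SQLite DB at /opt/agent-p2p/data/… |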
18 findings

| Severity | Type | Value | Location |
| --- | --- | --- | --- |
| Medium | External URL | https://agent.example.com | CONFIG.md:73 |
| Medium | External URL | https://your-domain.com | CONFIG.md:87 |
| Medium | External URL | http://127.0.0.1:18789 | CONFIG.md:88 |
| Medium | External URL | http://127.0.0.1:18789/hooks/wake | CONFIG.md:146 |
| Medium | External URL | https://your-domain.com/api/portal/info | DEPLOY.md:277 |
| Medium | External URL | https://your-domain.com/api/contacts | README.md:98 |
| Medium | External URL | https://friend-domain.com | SKILL.md:100 |
| Medium | External URL | https://your-domain.com/static/admin.html | SKILL.md:143 |
| Medium | External URL | https://your-portal.com | client/configure.py:29 |
| Medium | External URL | https://your-domain.com) | client.py:12 |
| Medium | External URL | http://127.0.0.1:18789\n | install.py:405 |
| Medium | External URL | http://127.0.0.1:8081 | notify_server.py:77 |
| Medium | External URL | https://mirrors.aliyun.com/pypi/simple/ | setup.sh:86 |
| Medium | External URL | http://127.0.0.1:18789/health | setup.sh:161 |
| Medium | External URL | https://myagentp2p.com | skill/client.py:40 |
| Medium | External URL | https://agentportalp2p.com | skill_status.json:1 |
| Medium | External URL | http://127.0.0.1:8082/webhook | webhook_server.py:57 |
| Info | Email address | [email protected] | CONFIG.md:122 |

Directory structure

35 files · 228.6 KB · 7039 lines
Python 17f · 4434L Markdown 7f · 1225L HTML 2f · 1062L Shell 3f · 277L JSON 4f · 25L Text 2f · 16L
├─ 📁 client
│ ├─ 🐍 cli.py Python 85L · 2.2 KB
│ ├─ 🐍 client.py Python 314L · 11.2 KB
│ ├─ 🐍 config.py Python 52L · 1.2 KB
│ ├─ 🐍 configure.py Python 49L · 1.2 KB
│ ├─ 📝 README.md Markdown 44L · 620 B
│ ├─ 📄 requirements.txt Text 3L · 54 B
│ └─ 🐍 start.py Python 33L · 787 B
├─ 📁 config
│ └─ 📋 portals.example.json JSON 12L · 302 B
├─ 📁 docs
│ └─ 📝 verification-refactor.md Markdown 326L · 7.5 KB
├─ 📁 hooks
│ ├─ 📝 HOOK.md Markdown 9L · 139 B
│ ├─ 📋 hookpack.json JSON 11L · 248 B
│ └─ 🐍 notify.py Python 20L · 442 B
├─ 📁 scripts
│ ├─ 🐍 deploy_portal.py Python 591L · 19.1 KB
│ └─ 🔧 start.sh Shell 23L · 406 B
├─ 📁 skill
│ ├─ 🐍 bridge.py Python 318L · 11.3 KB
│ ├─ 🐍 client.py Python 129L · 4.0 KB
│ └─ 🐍 start.py Python 193L · 5.1 KB
├─ 📁 src
│ ├─ 📁 static
│ │ ├─ 📄 admin.html HTML 772L · 36.4 KB
│ │ └─ 📄 index.html HTML 290L · 16.8 KB
│ └─ 🐍 main.py Python 1072L · 33.5 KB
├─ 🐍 auto_install.py Python 294L · 8.2 KB
├─ 📋 client_status.json JSON 1L · 109 B
├─ 🐍 client.py Python 434L · 16.0 KB
├─ 📝 CONFIG.md Markdown 152L · 4.1 KB
├─ 📝 DEPLOY.md Markdown 306L · 5.1 KB
├─ 🐍 install.py Python 526L · 18.1 KB
├─ 🐍 notify_server.py Python 85L · 2.4 KB
├─ 🔧 package.sh Shell 48L · 1.5 KB
├─ 📝 README.md Markdown 181L · 3.5 KB
├─ 📄 requirements.txt Text 13L · 240 B
├─ 🐍 send.py Python 176L · 5.0 KB
├─ 🔧 setup.sh Shell 206L · 5.1 KB
├─ 📋 skill_status.json JSON 1L · 144 B
├─ 📝 SKILL.md Markdown 207L · 5.1 KB
└─ 🐍 webhook_server.py Python 63L · 1.7 KB

Dependency analysis: 10 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| fastapi | >=0.100.0 | pip | | Version not pinned - supply chain risk |
| uvicorn | >=0.23.0 | pip | | Version not pinned - supply chain risk |
| paramiko | >=3.3.0 | pip | | Version not pinned - supply chain risk |
| websocket-client | >=1.6.0 | pip | | Version not pinned - supply chain risk |
| requests | >=2.31.0 | pip | | Version not pinned - supply chain risk |
| websockets | >=11.0 | pip | | Version not pinned - supply chain risk |
| python-jose | >=3.3.0 | pip | | Version not pinned - supply chain risk |
| python-multipart | >=0.0.6 | pip | | Version not pinned - supply chain risk |
| psutil | * | pip | | Version not pinned - supply chain risk |
| aiohttp | * | pip | | Version not pinned - used in notify_server.py |

Security highlights

✓ Security notes in CONFIG.md clearly document credential risk levels and recommend dedicated SSH keys
✓ Message approval workflow requires explicit owner consent before adding contacts
✓ WebSocket communication uses SSL context with cert verification on the Bridge side
✓ SKILL.md declares SSH and VPS deployment capabilities in metadata
✓ Code is open source and available for community audit on GitHub
✓ Uses urllib.request instead of subprocess for internal HTTP calls in bridge.py
✓ Credential storage uses Bearer token pattern rather than embedding secrets in URLs