Low Risk — Risk Score 15/100
Last scan: 1 day ago
powpow
OpenClaw Skill for publishing AI digital humans to the Powpow map platform
This is a legitimate map-based AI digital human management skill for the Powpow platform. It makes HTTP calls to a declared external service, stores JWT tokens locally, and has no evidence of credential theft, code execution, obfuscation, or data exfiltration beyond its documented API integration.
Skill Name: powpow
Duration: 39.4s
Engine: pi
Safe to install
The skill is safe to use. No security action required beyond standard hygiene: keep axios pinned to a specific version, review the external Powpow endpoint reputation, and ensure the webhookUrl parameter cannot be abused for SSRF in the context of the OpenClaw framework.

Findings (3 items)

Finding 1: Unpinned axios dependency
Severity: Low · Category: Supply Chain · Location: package.json:23
package.json declares axios with the caret range ^1.6.0 rather than a pinned version, so a future malicious release on the npm registry could be installed automatically.
Evidence: "axios": "^1.6.0"
→ Pin axios to a specific version (e.g., "axios": "1.7.7") to prevent automatic upgrades to compromised releases.

Finding 2: JWT token stored in plaintext on filesystem
Severity: Low · Category: Sensitive Access · Location: scripts/powpow-client.ts:66
After login, the JWT token is written to ~/.openclaw/powpow-config.json in plaintext. An attacker with filesystem access can read and reuse the token.
Evidence: token: response.data.data.token
→ Consider using the OS keychain (e.g., keytar) or encrypting the token at rest, and document the token storage expectation clearly in SKILL.md.

Finding 3: Potential SSRF via webhookUrl parameter
Severity: Low · Category: Data Exfil · Location: scripts/powpow-client.ts:164
The webhookUrl parameter is only validated for an http/https prefix, not against internal network addresses. If user-supplied input flows through to this parameter, an attacker could probe internal services.
Evidence: if (!webhookUrl || !webhookUrl.startsWith('http'))
→ Add SSRF protections: block private IP ranges (127.0.0.1, 10.x, 172.16.x, 192.168.x, 0.0.0.0), localhost, and file:// URIs.
Resource Alignment

Resource | Declared | Inferred | Status | Evidence
Network | READ | READ | ✓ Aligned | SKILL.md: maps to HTTP calls to global.powpow.online API; powpow-client.ts:26 — …
Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md: 'Configuration Storage' declares ~/.openclaw/powpow-config.json writes…
Environment | NONE | READ | ✓ Aligned | powpow-client.ts:25 — reads POWPOW_BASE_URL from process.env (a single known key…
Shell | NONE | NONE | | No shell execution found
Skill Invoke | WRITE | WRITE | ✓ Aligned | SKILL.md metadata: 5 tool functions (register, login, createAgent, listAgents, d…
External URLs (4 findings)

Severity | Finding | URL | Location
Medium | External URL | https://global.powpow.online | README.md:148
Medium | External URL | https://docs.openclaw.ai | README.md:149
Medium | External URL | https://global.powpow.online/map | SKILL.md:35
Medium | External URL | https://www.powpow.online/default-avatar.png | scripts/powpow-client.ts:261

File Tree

6 files · 24.9 KB · 1019 lines
TypeScript: 1 file, 495 lines · Markdown: 3 files, 472 lines · JSON: 2 files, 52 lines
├─ 📁 scripts
│ └─ 📜 powpow-client.ts TypeScript 495L · 11.9 KB
├─ 📝 CHANGELOG.md Markdown 49L · 1.2 KB
├─ 📋 package.json JSON 28L · 570 B
├─ 📝 README.md Markdown 149L · 3.2 KB
├─ 📝 SKILL.md Markdown 274L · 7.6 KB
└─ 📋 tsconfig.json JSON 24L · 466 B

Dependencies (3 items)

Package | Version | Source | Known Vulns | Notes
axios | ^1.6.0 | npm | No | Version not pinned (only a lower bound is specified); could auto-upgrade to a compromised release.
tsx | ^4.7.0 | npm | No | Dev dependency, not included in production bundle
typescript | ^5 | npm | No | Dev dependency, not included in production bundle

Security Positives

✓ No shell execution, reverse shells, or command injection found
✓ No base64-encoded or obfuscated payloads
✓ No credential harvesting beyond the documented Powpow account flow
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No hidden functionality — implementation aligns with SKILL.md declarations
✓ Input validation present for name length, geo coordinates, and URL format
✓ Clean error handling without information leakage
✓ No cron, startup hooks, or persistence mechanisms
✓ No prompt injection instructions found in comments or code