Low risk: risk score 15/100
Last scan: 1 day ago
powpow
OpenClaw Skill for publishing AI digital humans to the Powpow map platform
This is a legitimate map-based AI digital human management skill for the Powpow platform. It makes HTTP calls to a declared external service, stores JWT tokens locally, and has no evidence of credential theft, code execution, obfuscation, or data exfiltration beyond its documented API integration.
Skill name: powpow
Analysis time: 39.4s
Engine: pi
Verdict: OK to install
The skill is safe to use. No security action required beyond standard hygiene: keep axios pinned to a specific version, review the external Powpow endpoint reputation, and ensure the webhookUrl parameter cannot be abused for SSRF in the context of the OpenClaw framework.

Security findings (3)

Severity | Finding | Category | Location

Low | Unpinned axios dependency | Supply chain | package.json:23
package.json declares axios ^1.6.0 without an upper bound. A future malicious release on the npm registry could be automatically installed.
Evidence: "axios": "^1.6.0"
→ Pin axios to a specific version (e.g., "axios": "1.7.7") to prevent automatic upgrades to compromised releases

Low | JWT token stored in plaintext on filesystem | Sensitive access | scripts/powpow-client.ts:66
After login, the JWT token is written to ~/.openclaw/powpow-config.json in plaintext. If an attacker gains filesystem access, they can steal the token.
Evidence: token: response.data.data.token
→ Consider using the OS keychain (e.g., keytar) or encrypting the token at rest. Document the token storage expectation clearly in SKILL.md.

Low | Potential SSRF via webhookUrl parameter | Data exfiltration | scripts/powpow-client.ts:164
The webhookUrl parameter is validated only for the http/https prefix, not for internal network addresses. If user-supplied input flows through to this parameter, an attacker could probe internal services.
Evidence: if (!webhookUrl || !webhookUrl.startsWith('http'))
→ Add SSRF protections: block private IP ranges (127.0.0.1, 10.x, 172.16.x, 192.168.x, 0.0.0.0), localhost, and file:// URIs
Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | READ | READ | ✓ Consistent | SKILL.md: maps to HTTP calls to global.powpow.online API; powpow-client.ts:26 — …
File system | WRITE | WRITE | ✓ Consistent | SKILL.md: 'Configuration Storage' declares ~/.openclaw/powpow-config.json writes…
Environment variables | NONE | READ | ✓ Consistent | powpow-client.ts:25 — reads POWPOW_BASE_URL from process.env (a single known key…
Command execution | NONE | NONE | | No shell execution found
Skill invocation | WRITE | WRITE | ✓ Consistent | SKILL.md metadata: 5 tool functions (register, login, createAgent, listAgents, d…
External URL findings (4)

Severity | Type | Finding | URL | Location
Medium | External URL | External URL | https://global.powpow.online | README.md:148
Medium | External URL | External URL | https://docs.openclaw.ai | README.md:149
Medium | External URL | External URL | https://global.powpow.online/map | SKILL.md:35
Medium | External URL | External URL | https://www.powpow.online/default-avatar.png | scripts/powpow-client.ts:261

Directory structure

6 files · 24.9 KB · 1019 lines
TypeScript: 1 file · 495 lines; Markdown: 3 files · 472 lines; JSON: 2 files · 52 lines
├─ 📁 scripts
│ └─ 📜 powpow-client.ts TypeScript 495L · 11.9 KB
├─ 📝 CHANGELOG.md Markdown 49L · 1.2 KB
├─ 📋 package.json JSON 28L · 570 B
├─ 📝 README.md Markdown 149L · 3.2 KB
├─ 📝 SKILL.md Markdown 274L · 7.6 KB
└─ 📋 tsconfig.json JSON 24L · 466 B

Dependency analysis (3)

Package | Version | Source | Known vulnerabilities | Notes
axios | ^1.6.0 | npm | | Version not pinned; only a lower bound is specified. Could auto-upgrade to a compromised release.
tsx | ^4.7.0 | npm | | Dev dependency, not included in production bundle
typescript | ^5 | npm | | Dev dependency, not included in production bundle

Security highlights

✓ No shell execution, reverse shells, or command injection found
✓ No base64-encoded or obfuscated payloads
✓ No credential harvesting beyond the documented Powpow account flow
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No hidden functionality — implementation aligns with SKILL.md declarations
✓ Input validation present for name length, geo coordinates, and URL format
✓ Clean error handling without information leakage
✓ No cron, startup hooks, or persistence mechanisms
✓ No prompt injection instructions found in comments or code