Security Decision Report

castreader

CastReader skill has undocumented network behavior, undeclared browser automation with anti-detection flags, and uses base64 audio processing that appears legitimate but warrants scrutiny.

View: install decision first · Source: manual upload · Scan time: 2026/4/4

Files: 11 · IOCs: 16 · Over-privilege items: 4 · Findings: 5
Most direct threat evidence

Why this conclusion

2 of 4 dimensions triggered

| Dimension | Verdict | Summary |
|---|---|---|
| Declared vs. actual capabilities | Block | 4 capabilities or over-privileged behaviours found beyond what is declared. |
| Hidden execution and outbound connections | Block | 2 high-risk IOCs or outbound-connection signals extracted. |
| Attack chain and high-risk findings | Pass | No clear malicious path is formed. |
| Dependency and supply-chain hygiene | Review | 1 dependency or supply-chain lead requires attention. |

How the risk score was raised

| Factor | Score | Evidence |
|---|---|---|
| Undeclared network access | +20 | SKILL.md does not declare network requests to api.castreader.ai:8123 |
| Undeclared browser automation | +15 | read-aloud.js launches Puppeteer without a network:READ declaration |
| Anti-detection flag | +10 | --disable-blink-features=AutomationControlled is used in read-aloud.js:51 |

Key evidence

[Medium] Documentation deception: Undeclared network requests to external API
All scripts communicate with api.castreader.ai:8123 for TTS services. SKILL.md only describes the URL-extraction and audio-generation workflow but never explicitly declares the network:READ permission or the external API endpoint.
Location: scripts/read-url.js:51
Recommendation: Declare network:READ in the SKILL.md metadata and document the external TTS API endpoint.

[Medium] Documentation deception: Undeclared Puppeteer browser automation
extract.js and read-aloud.js use Puppeteer to launch headless Chrome and manipulate web pages. SKILL.md only mentions the 'read-url.js' and 'generate-text.js' scripts and omits browser automation entirely.
Location: scripts/extract.js:42
Recommendation: Declare browser:WRITE in SKILL.md and document the Puppeteer usage for content extraction.

[Medium] Sensitive access: Automation detection suppression flag
read-aloud.js passes --disable-blink-features=AutomationControlled to Chrome, which suppresses navigator.webdriver-based detection. While common in legitimate automation, this anti-detection technique is suspicious when combined with undeclared browser access.
Location: scripts/read-aloud.js:51
Recommendation: Remove the anti-detection flag unless it is specifically required for legitimate extension testing.

[Low] Code obfuscation: Base64 audio decoding in multiple scripts
Base64-encoded audio from the API response is decoded with Buffer.from(audioBase64, 'base64'). This is legitimate for TTS APIs, but the pattern matches high-risk obfuscation signatures and was flagged by the pre-scan.
Location: scripts/generate-paragraph.js:94
Recommendation: This appears legitimate for TTS services but should be documented to avoid false-positive detection.

[Low] Documentation deception: Shell execution via subprocess not declared
read-url.js uses execFileSync to invoke extract.js as a child process. SKILL.md describes 'node scripts/read-url.js' but does not mention that it internally spawns another Node process.
Location: scripts/read-url.js:79
Recommendation: Document the internal script orchestration, or refactor to use direct module imports.

Declared vs. actual capabilities

| Capability | Verdict | Declared | Inferred | Evidence |
|---|---|---|---|---|
| Network access | Block | NONE | READ | scripts/read-url.js:51 - POST to api.castreader.ai:8123 |
| File system | Block | NONE | WRITE | scripts/read-url.js:82 - fs.writeFileSync |
| Command execution | Block | NONE | WRITE | scripts/read-url.js:79 - execFileSync('node', ...) |
| Browser | Block | NONE | WRITE | scripts/read-aloud.js:43 - puppeteer.launch() |

Suspicious artifacts and outbound connections

| Severity | Type | Value | Location |
|---|---|---|---|
| Critical | Encoded execution | Buffer.from(audioBase64, 'base64' | scripts/generate-paragraph.js:94 |
| High | IP address | 131.0.0.0 (a Chrome version number inside a user-agent string, not a host; see Security highlights) | scripts/extract.js:42 |
| Medium | External URL | https://img.shields.io/badge/OpenClaw-Skill-blue | README.md:3 |
| Medium | External URL | https://clawhub.com/castreader | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/License-MIT-green.svg | README.md:4 |
| Medium | External URL | https://img.shields.io/badge/platform-macOS%20%7C%20Linux%20%7C%20Windows-lightgrey | README.md:5 |
| Medium | External URL | https://en.wikipedia.org/wiki/Text-to-speech | README.md:46 |
| Medium | External URL | https://notion.so/my-page | README.md:99 |
| Medium | External URL | https://chromewebstore.google.com/detail/castreader-tts-reader/foammmkhpbeladledijkdljlechlclpb | README.md:102 |
| Medium | External URL | http://api.castreader.ai:8123 | README.md:134 |
| Medium | External URL | https://castreader.ai | README.md:161 |
| Medium | External URL | https://castreader.ai/openclaw | README.md:162 |

Dependencies and supply chain

| Package | Version | Source | Vulnerabilities | Notes |
|---|---|---|---|---|
| puppeteer | ^23.0.0 | npm | none reported | Version not pinned; auto-updates to the latest matching release |
| crypto | builtin | Node.js | none reported | Standard library module |

File composition

11 files · 2592 lines
JSON: 2 files · 1222 lines · JavaScript: 6 files · 1028 lines · Markdown: 3 files · 342 lines

Files needing attention · 7

| File | Type · Lines | Notes |
|---|---|---|
| package-lock.json | JSON · 1208 lines | https://www.patreon.com/feross · https://feross.org/support |
| scripts/read-aloud.js | JavaScript · 280 lines | Automation detection suppression flag |
| README.md | Markdown · 169 lines | https://img.shields.io/badge/OpenClaw-Skill-blue · https://clawhub.com/castreader · https://img.shields.io/badge/License-MIT-green.svg · https://img.shields.io/badge/platform-macOS%20%7C%20Linux%20%7C%20Windows-lightgrey · https://en.wikipedia.org/wiki/Text-to-speech · https://notion.so/my-page · https://chromewebstore.google.com/detail/castreader-tts-reader/foammmkhpbeladledijkdljlechlclpb · http://api.castreader.ai:8123 · https://castreader.ai · https://castreader.ai/openclaw · https://microsoftedge.microsoft.com/addons/detail/niidajfbelfcgnkmnpcmdlioclhljaaj |
| scripts/read-url.js | JavaScript · 214 lines | Undeclared network requests to external API · Shell execution via subprocess not declared |
| scripts/demo.js | JavaScript · 169 lines | https://alistapart.com/blog/post/successful-or-unsuccessful-the-post-good-design-vocabulary/ |
| scripts/generate-paragraph.js | JavaScript · 155 lines | Base64 audio decoding in multiple scripts · Buffer.from(audioBase64, 'base64' |
| scripts/extract.js | JavaScript · 87 lines | Undeclared Puppeteer browser automation · 131.0.0.0 |

Other files · generate-text.js · SKILL.md · castreader-api.md · package.json

Security highlights

- No credential harvesting or environment-variable theft detected
- No reverse shell, C2 communication, or data exfiltration patterns found
- Base64 usage is for legitimate TTS audio processing, not code obfuscation
- The hardcoded "IP" 131.0.0.0 is part of Chrome's user-agent string (a version number, not a host) and indicates no actual network contact
- All file operations are confined to /tmp and the skill directory
- No suspicious file downloads or supply-chain indicators beyond the unpinned dependency version