Security Decision Report

clawguard-threat-detect

Security tool that documents actual attack payloads (reverse shells, credential exfiltration) as detection examples, creating a doc-to-code mismatch where the documentation itself serves as an attack template library.

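Install decision first · Source: manual upload · Scan time: 2026/4/4
Files 6
IOC 7
Out-of-scope items 1
Findings 5
Most direct threat evidence
Critical · Documentation deception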
Hardcoded Reverse Shell Payloads in Documentation

SKILL.md:34 contains actual reverse shell commands (nc -e, /dev/tcp/, bash -i >&) presented as 'examples of what to detect'. These are functional attack templates, not generic descriptions.

SKILL.md:34

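Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or out-of-scope behavior beyond what is declared.

Block
Hidden execution and outbound connections

Extracted 3 high-risk IOCs or outbound-connection signals.

Block
Attack chain and high-risk findings

The report contains a 4-step attack chain, plus 5 high or critical findings.

Pass
Dependency and supply-chain hygiene

A dependency structure exists, but no obvious high-risk alerts have been seen so far.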

Attack chain

01
Skill presents as legitimate threat detector

delivery · SKILL.md:1

02
User reads SKILL.md and learns attack patterns

reconnaissance · SKILL.md:34

03
User copies documented payloads as templates

weaponization · SKILL.md:34

04
cli.js spawns child process with unvalidated input

code execution · cli.js:42

How the risk score was raised

Malicious payload documentation +30

SKILL.md:34 and cli.js:101 contain actual reverse shell commands (nc -e, /dev/tcp/, bash -i >&) presented as detection examples

Credential exfiltration documentation +20

SKILL.md:83,462,601 and cli.js:67 document curl exfiltration to evil.com with API tokens

Doc-to-code mismatch +20

Claims to be a threat detector but documentation serves as attack template library

Undeclared child process execution +15

cli.js:42-50 uses spawn() with piped stdin from unvalidated alert data

Potential for social engineering +10

Skill appears legitimate but contains malicious content hidden in 'examples'

Key evidence

Critical · Documentation deception

Hardcoded Reverse Shell Payloads in Documentation

SKILL.md:34 contains actual reverse shell commands (nc -e, /dev/tcp/, bash -i >&) presented as 'examples of what to detect'. These are functional attack templates, not generic descriptions.

SKILL.md:34
Remove all actual payload examples. Replace with generic pattern descriptions like 'reverse shell using file descriptor redirection' without concrete commands.
Critical · Documentation deception

Credential Exfiltration URLs Documented

SKILL.md and cli.js contain examples of credential exfiltration using curl with API tokens sent to evil.com. These are functional attack templates.

SKILL.md:83
Remove all C2 infrastructure examples. Describe attack patterns generically.
High · Documentation deception

Full Reverse Shell Example in CLI

cli.js:101 includes a complete reverse shell payload as a CLI example, normalizing dangerous attack techniques.

cli.js:101
Remove all concrete attack payloads from CLI examples.
High · Code execution

Undeclared Child Process Spawn with Unvalidated Input

cli.js:42-50 uses spawn() to invoke a 'self-improving-safety' module with piped stdin containing unvalidated alert data. This is not declared in SKILL.md.

cli.js:42
Declare shell:WRITE capability or refactor to avoid child process execution. Validate and sanitize all data before piping to child processes.
High · Documentation deception

Comprehensive Attack Template Library

SKILL.md contains a full MITRE ATT&CK coverage matrix with concrete examples of T1059 (Command/Script), T1041 (Exfiltration), T1059.004 (Bash Reverse Shell), providing a complete attack playbook.

SKILL.md:34
Simplify documentation to describe detection capabilities without embedding actual exploit code.

Declared vs. actual capabilities

Filesystem · Pass
Declared: NONE
Inferred: READ
src/detector.js:8 - uses fs module for file monitoring
Command execution · Block
Declared: NONE
Inferred: WRITE
cli.js:42-50 - spawns child process with piped stdin
Network access · Pass
Declared: NONE
Inferred: READ
src/detector.js - analyzes network patterns for URLs
Environment variables · Pass
Declared: NONE
Inferred: READ
cli.js:101 - references $API_KEY from environment

Suspicious artifacts and outbound connections

Critical · Dangerous command
nc -e

SKILL.md:34

Critical · Dangerous command
/dev/tcp/

SKILL.md:34

Critical · Dangerous command
bash -i >&

cli.js:101

Medium · External URL
http://evil.com/exfil

SKILL.md:83

Medium · External URL
http://evil.com

SKILL.md:462

Medium · External URL
http://evil.com/exfil?token=$API_KEY

SKILL.md:601

Medium · External URL
http://evil.com?token=$API_KEY

cli.js:67

Dependencies and supply chain

Package · Version · Source · Vulnerabilities · Notes
none N/A npm No external dependencies in package.json

File composition

6 files · 1508 lines
Markdown 2 files · 881 lines
JavaScript 2 files · 606 lines
JSON 2 files · 21 lines
Files needing attention · 2
SKILL.md Markdown · 743 lines
Hardcoded Reverse Shell Payloads in Documentation · Credential Exfiltration URLs Documented · Comprehensive Attack Template Library · nc -e · /dev/tcp/ · http://evil.com/exfil · http://evil.com · http://evil.com/exfil?token=$API_KEY
cli.js JavaScript · 103 lines
Full Reverse Shell Example in CLI · Undeclared Child Process Spawn with Unvalidated Input · bash -i >& · http://evil.com?token=$API_KEY
Other files · detector.js · README.md · package.json · _meta.json

Security highlights

No actual credential harvesting code (patterns are in documentation, not executed)
No direct C2 communication in actual code (only documented examples)
No supply chain risks (package.json has no external dependencies)
Threat detection logic is legitimate pattern matching