Low risk (risk score 22/100)
Last scan: 1 day ago
hubstudio-openapi
HubStudio OpenAPI skill for browser automation, cloud phone operations, and environment management via local API.
HubStudio OpenAPI skill is a legitimate browser-automation integration tool with no malicious behavior, but contains unpinned dependencies and minor documentation gaps.
Skill name: hubstudio-openapi
Analysis time: 48.9s
Engine: pi
Verdict: OK to install
Pin Playwright to a specific version in package.json before production use. Otherwise safe to deploy.

Security findings (2)

Severity / Finding / Location

[Medium] Unpinned Playwright dependency (supply chain)
package.json declares playwright: ^1.58.2, allowing upgrades to any 1.x version without review. This could silently pull a compromised or vulnerable release.
    "playwright": "^1.58.2"
→ Pin to exact version: "playwright": "1.58.2"
Location: package.json:9

[Low] Demo script not referenced in SKILL.md (documentation deception)
playwright_hubstudio_baidu_demo.js uses child_process.execSync to invoke node commands. This is legitimate functionality but is not mentioned in SKILL.md, creating a documentation gap.
    const output = execSync(cmd, { encoding: 'utf8' });
→ Document that demo scripts use shell execution for HubStudio CLI calls
Location: playwright_hubstudio_baidu_demo.js:11
Resource type       Declared   Inferred   Status         Evidence
Network access      READ       READ       ✓ consistent   SKILL.md:47-60, hubstudio.js:107-126
Command execution   WRITE      WRITE      ✓ consistent   SKILL.md:113-130, hubstudio.js via node execution
File system         READ       READ       ✓ consistent   hubstudio.js:4 reads commands.generated.json
Browser             READ       READ       ✓ consistent   playwright_hubstudio_baidu_demo.js connects via CDP
8 findings (1 high risk)

[High risk] IP address: hardcoded IP address 172.31.255.255 (reference.md:1514)
[Medium risk] External URL: http://127.0.0.1:6873 (ADB_CONNECTION_GUIDE.md:12)
[Medium risk] External URL: https://docs.openclaw.ai/start/getting-started (OPENCLAW_AGENT_BROWSER_TUTORIAL.md:20)
[Medium risk] External URL: https://api-docs.hubstudio.cn/ (OPENCLAW_AGENT_BROWSER_TUTORIAL.md:21)
[Medium risk] External URL: https://www.baidu.com/s?wd=HubStudio (OPENCLAW_AGENT_BROWSER_TUTORIAL.md:470)
[Medium risk] External URL: http://127.0.0.1:6873/api/v1/browser/all-browser-status (SKILL.md:56)
[Medium risk] External URL: http://127.0.0.1:6873/api/v1/browser/start (SKILL.md:150)
[Medium risk] External URL: http://127.0.0.1:6873/api/v1/browser/stop (SKILL.md:155)

Directory structure

10 files · 148.0 KB · 4259 lines
Markdown: 5 files · 3168 lines · JSON: 3 files · 709 lines · JavaScript: 2 files · 382 lines
├─ 📝 ADB_CONNECTION_GUIDE.md Markdown 151L · 2.9 KB
├─ 📋 commands.generated.json JSON 633L · 16.2 KB
├─ 📜 hubstudio.js JavaScript 272L · 8.0 KB
├─ 📝 OPENCLAW_AGENT_BROWSER_TUTORIAL.md Markdown 609L · 15.4 KB
├─ 📋 package-lock.json JSON 60L · 1.7 KB
├─ 📋 package.json JSON 16L · 265 B
├─ 📜 playwright_hubstudio_baidu_demo.js JavaScript 110L · 4.0 KB
├─ 📝 README.md Markdown 277L · 6.3 KB
├─ 📝 reference.md Markdown 1819L · 85.8 KB
└─ 📝 SKILL.md Markdown 312L · 7.5 KB

Dependency analysis (1)

Package      Version   Source   Known vulnerabilities   Notes
playwright   ^1.58.2   npm                              Caret range allows minor/patch upgrades without version audit

Security highlights

✓ All network communication is strictly localhost (127.0.0.1:6873) — no external data exfiltration possible
✓ No credential harvesting: skill reads tokens from env vars but never transmits them externally
✓ No obfuscation: all JavaScript is readable, no base64/eval chains, no anti-analysis techniques
✓ No sensitive file access: no reads of ~/.ssh, ~/.aws, .env, or similar credential paths
✓ No persistence mechanisms: no cron jobs, startup scripts, or backdoor installation
✓ No supply-chain typosquatting: package names are exact
✓ Exec usage is intentional and documented for HubStudio CLI integration