中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
claw-rpg
D&D 3.5 RPG character system for AI lobster agents — reads SOUL.md/MEMORY.md, tracks XP, levels up, sends Telegram reports, fires flavor text
Claw RPG is a legitimate D&D 3.5-style character growth system for AI agents. It reads workspace files, tracks XP in a local JSON save, fires flavor text, and optionally sends Telegram notifications via the local OpenClaw gateway. No malicious behavior, credential theft, or unauthorized network exfiltration was found.
技能名称claw-rpg
分析耗时72.5s
引擎pi
可以安装
Approve for use. This is a safe, well-structured RPG gamification layer with no security concerns.

安全发现 3 项

严重性 安全发现 位置
低危
SKILL.md mentions execSync example but scripts don't use it 文档欺骗
SKILL.md shows an integration snippet using child_process.execSync, but the actual scripts use import() module invocation. No shell execution occurs.
execSync(`node ${SKILL_ROOT}/scripts/xp.mjs --in ${deltaIn} --out ${deltaOut}`)
→ Update the integration example to use import() or describe it as an optional external integration method rather than implying the scripts themselves use execSync.
 SKILL.md:67
低危
Reads workspace metadata files for language detection 敏感访问
_notify.mjs and greet.mjs read SOUL.md, MEMORY.md, IDENTITY.md, USER.md from the workspace to detect language. This is declared behavior and necessary for the feature.
for (const f of ['MEMORY.md', 'IDENTITY.md', 'USER.md', 'SOUL.md'])
→ No action needed; this is documented and necessary functionality.
 scripts/_notify.mjs:67
提示
Reads OpenClaw gateway config for local integration 敏感访问
loadGateway() reads openclaw.json from ~/.openclaw/ to get auth token and port for Telegram gateway integration. Token is used only in local fetch() calls.
join(process.env.HOME || '', '.openclaw', 'openclaw.json')
→ No action needed; token is used locally only, never exfiltrated.
 scripts/_notify.mjs:13
资源类型声明权限推断权限状态证据
文件系统 READ WRITE ✓ 一致 All file writes are confined to DATA_DIR (workspace/claw-rpg/) and character.jso…
网络访问 READ READ ✓ 一致 Only localhost connections to OpenClaw gateway (port 18789) for Telegram push no…
命令执行 NONE NONE No child_process.execSync/exec calls in any script. easter.mjs uses dynamic impo…
环境变量 NONE NONE os.environ not iterated; only USERPROFILE/HOME used for path resolution
技能调用 NONE NONE No cross-skill invocation or sandbox escape
剪贴板 NONE NONE No clipboard access detected
浏览器 NONE NONE Dashboard server binds to localhost:3500 only; no browser automation
数据库 NONE NONE No database access
8 项发现
🔗
中危 外部 URL 外部 URL
https://openclaw.ai
README.md:3
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/ClawhHub-claw--rpg-orange
README.md:5
🔗
中危 外部 URL 外部 URL
https://clawhub.ai/RAMBOXIE/claw-rpg
README.md:5
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/version-2.3.0-blue
README.md:5
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/License-MIT--0-blue
README.md:5
🔗
中危 外部 URL 外部 URL
https://babeljs.io/
dashboard/README.md:7
🔗
中危 外部 URL 外部 URL
https://vite.dev/guide/rolldown
dashboard/README.md:7
🔗
中危 外部 URL 外部 URL
https://react.dev/learn/react-compiler/installation
dashboard/README.md:12

目录结构

39 文件 · 162.0 KB · 4261 行
JavaScript 15f · 2400L Markdown 11f · 808L CSS 2f · 485L TypeScript 3f · 428L JSON 5f · 127L HTML 1f · 13L
├─ 📁 assets
│ └─ 📋 level-table.json JSON 32L · 972 B
├─ 📁 dashboard
│ ├─ 📁 public
│ │ └─ 📦 vite.svg 1.5 KB
│ ├─ 📁 src
│ │ ├─ 📁 assets
│ │ │ └─ 📦 react.svg 4.0 KB
│ │ ├─ 📄 App.css CSS 417L · 10.1 KB
│ │ ├─ 📜 App.tsx TypeScript 407L · 18.1 KB
│ │ ├─ 📄 index.css CSS 68L · 1.2 KB
│ │ └─ 📜 main.tsx TypeScript 10L · 240 B
│ ├─ 📜 eslint.config.js JavaScript 23L · 639 B
│ ├─ 📄 index.html HTML 13L · 371 B
│ ├─ 📋 package.json JSON 34L · 848 B
│ ├─ 📝 README.md Markdown 73L · 2.6 KB
│ ├─ 📜 server.js JavaScript 120L · 3.8 KB
│ ├─ 📋 tsconfig.app.json JSON 28L · 760 B
│ ├─ 📋 tsconfig.json JSON 7L · 126 B
│ ├─ 📋 tsconfig.node.json JSON 26L · 679 B
│ └─ 📜 vite.config.ts TypeScript 11L · 217 B
├─ 📁 memory
│ └─ 📝 2026-03-16.md Markdown 5L · 180 B
├─ 📁 references
│ ├─ 📝 abilities.md Markdown 142L · 7.0 KB
│ ├─ 📝 classes.md Markdown 138L · 5.8 KB
│ └─ 📝 prestige.md Markdown 64L · 1.8 KB
├─ 📁 scripts
│ ├─ 📜 _formulas.mjs JavaScript 378L · 15.7 KB
│ ├─ 📜 _notify.mjs JavaScript 387L · 14.9 KB
│ ├─ 📜 _paths.mjs JavaScript 30L · 1.1 KB
│ ├─ 📜 arena.mjs JavaScript 79L · 2.5 KB
│ ├─ 📜 easter.mjs JavaScript 193L · 6.7 KB
│ ├─ 📜 greet.mjs JavaScript 188L · 8.0 KB
│ ├─ 📜 init.mjs JavaScript 151L · 5.8 KB
│ ├─ 📜 levelup.mjs JavaScript 91L · 3.6 KB
│ ├─ 📜 report.mjs JavaScript 156L · 6.3 KB
│ ├─ 📜 setup-cron.mjs JavaScript 92L · 2.7 KB
│ ├─ 📜 sheet.mjs JavaScript 152L · 5.6 KB
│ ├─ 📜 sync-xp-recovery.mjs JavaScript 94L · 3.8 KB
│ └─ 📜 xp.mjs JavaScript 266L · 11.1 KB
├─ 📝 AGENTS.md Markdown 24L · 802 B
├─ 📝 MEMORY.md Markdown 28L · 1.2 KB
├─ 📝 README.md Markdown 154L · 5.5 KB
├─ 📝 SKILL.md Markdown 146L · 5.0 KB
├─ 📝 SOUL.md Markdown 21L · 765 B
└─ 📝 USER.md Markdown 13L · 361 B

依赖分析 6 项

包名版本来源已知漏洞备注
express ^5.2.1 npm Standard web framework, version reasonably pinned
cors ^2.8.6 npm Well-maintained middleware
react ^19.2.0 npm Latest stable React
recharts ^3.8.0 npm Charting library, no known vulnerabilities
vite ^7.3.1 npm Latest Vite
typescript ~5.9.3 npm Tilde pin, minor version flexible

安全亮点

✓ All file writes are sandboxed to the workspace claw-rpg directory (workspace/claw-rpg/character.json)
✓ Network access is strictly localhost-only (OpenClaw gateway on port 18789)
✓ No child_process.execSync/exec usage anywhere — shell:WRITE is not exercised
✓ Gateway token is used only for local API calls, never transmitted externally
✓ No base64 encoding, obfuscation, or eval() patterns
✓ No credential harvesting — only reads a local gateway config for integration
✓ No sensitive paths (~/.ssh, ~/.aws, .env) are accessed
✓ No curl|bash or remote script execution
✓ Dependencies are all well-known, pinned packages (express, react, cors, recharts)
✓ XP recovery uses hardcoded token estimates (400/200) and cannot steal real tokens
✓ Dashboard binds only to localhost:3500 with no external exposure