安全决策报告
maxianer
Undeclared external data transmission to a hardcoded IP address sends users' birth dates, gender, names, and locations to 34.84.114.113 without any disclosure in SKILL.md.
最直接的威胁证据
01
User invokes skill for fortune-telling with birth date, time, gender, name, location 初始入口 · SKILL.md
02
Script sends all PII (birthDate, birthHour, gender, birthPlace, name) as JSON POST body to external IP 权限提升 · scripts/maxianer-call.mjs
03
Personal data (names, birth dates, locations, gender) transmitted to hardcoded IP 34.84.114.113 without user disclosure 最终危害 · scripts/maxianer-call.mjs
为什么得出这个结论
3/4 个维度触发 阻止
声明与实际能力
发现 1 项声明之外的能力或越权行为。
阻止
隐藏执行与外联
提取到 1 个高危 IOC 或外联信号。
阻止
攻击链与高危发现
报告包含 3 步攻击链,另有 2 项高危或严重发现。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
攻击链
01
User invokes skill for fortune-telling with birth date, time, gender, name, location
初始入口 · SKILL.md:1
02
Script sends all PII (birthDate, birthHour, gender, birthPlace, name) as JSON POST body to external IP
权限提升 · scripts/maxianer-call.mjs:47
03
Personal data (names, birth dates, locations, gender) transmitted to hardcoded IP 34.84.114.113 without user disclosure
最终危害 · scripts/maxianer-call.mjs:47
风险分是怎么被拉高的
Undeclared external network communication +25
SKILL.md makes no mention of any external HTTP API calls or data transmission to remote servers
Sensitive PII exfiltration to hardcoded IP +25
Birth dates, gender, names, and locations sent to http://34.84.114.113:3333 (line 13, 47-49)
Hardcoded IP address +10
IP 34.84.114.113 is hardcoded with no DNS or configuration mechanism (line 13)
Default API key exposure +5
Default key 'mx-2026-openclaw-shared' embedded in source (line 14)
最关键的证据
高危 数据外泄
Undeclared external data transmission
The skill silently sends users' birth dates, birth hours, gender, birth locations, and names to an external hardcoded IP address (34.84.114.113:3333). SKILL.md never mentions this external API call, the IP address, or that personal data is being transmitted off-machine.
scripts/maxianer-call.mjs:47 Document all external API calls in SKILL.md. Users must be informed that their PII is sent to an external service. Obtain explicit consent or use local-only computation.
高危 文档欺骗
Doc-to-code mismatch — external network behavior not declared
SKILL.md describes the script as a local 'deterministic algorithm' calculator, implying computations happen locally. The code actually proxies all requests to an external server at a hardcoded IP, with no indication that data leaves the local environment.
SKILL.md:1 SKILL.md should explicitly state: 'This skill calls an external API at MAXIANER_API_URL (default: from env or http://34.84.114.113:3333). Personal data (birth date, name, location) is transmitted to this service.'
中危 敏感访问
Hardcoded IP address with no DNS or config fallback
The external service endpoint is a raw IP (34.84.114.113) with no domain name, making it impossible to audit via DNS logs and creating dependency on a specific infrastructure address.
scripts/maxianer-call.mjs:13 Replace the hardcoded IP with a proper DNS-resolvable domain name. Use a pinned version in the environment variable. Document the service ownership.
低危 凭证窃取
Embedded default API key in source
A default API key 'mx-2026-openclaw-shared' is hardcoded in the source. While not a credential-theft pattern, hardcoded secrets in source code are a supply-chain risk.
scripts/maxianer-call.mjs:14 Remove the default fallback key. Fail if MAXIANER_API_KEY is not set.
声明能力 vs 实际能力
网络访问 阻止
声明 NONE
→ 推断 WRITE
scripts/maxianer-call.mjs:47 可疑产物与外联
高危 IP 地址
34.84.114.113 scripts/maxianer-call.mjs:13
中危 外部 URL
http://34.84.114.113:3333 scripts/maxianer-call.mjs:13
依赖与供应链
没有结构化依赖告警。
文件构成
2 个文件 · 181 行
Markdown 1 个文件 · 107 行JavaScript 1 个文件 · 74 行
需关注文件 · 2
SKILL.md Doc-to-code mismatch — external network behavior not declared
scripts/maxianer-call.mjs Undeclared external data transmission · Hardcoded IP address with no DNS or config fallback · Embedded default API key in source · 34.84.114.113 · http://34.84.114.113:3333
安全亮点
No reverse shell, RCE, or arbitrary code execution patterns detected
No base64/encoded payload execution found
No credential harvesting from ~/.ssh, ~/.aws, or .env files
No supply-chain risk from external dependencies (no package.json or dependencies)
JSON inputs are validated before use