中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 15/100
上次扫描:2 天前 重新扫描
15 /100
bw-openclaw-boost
OpenClaw效率提升工具包 - 成本追踪、记忆管理、压缩系统、权限控制
A legitimate read-only efficiency toolkit for OpenClaw; the only notable issue is a stale SKILL.md reference to a removed stream_exec.py, and permission_manager.py permits curl/wget in its safe-commands list but flags piped variants as dangerous.
技能名称bw-openclaw-boost
分析耗时52.8s
引擎pi
可以安装
Update SKILL.md to remove the stream_exec.py reference (v1.0.7 removed it) and tighten the permission_manager.py safe-commands list to exclude curl/wget entirely. Otherwise this skill is safe to use.

安全发现 4 项

严重性 安全发现 位置
低危
Stale SKILL.md reference to removed tool
SKILL.md documents 'stream_exec.py' and shows an example command 'python3 tools/stream_exec.py "ls" --timeout 10', but version.json (v1.0.7) shows this file was removed. The file does not exist on disk.
python3 tools/stream_exec.py "ls" --timeout 10
→ Remove all references to stream_exec.py from SKILL.md to prevent user confusion
 SKILL.md:1
低危
Broad safe-commands allowlist in permission_manager
permission_manager.py includes 'curl -s', 'curl -X GET', and 'wget -q' in the exec tool's safe_commands list. While piped variants (curl.*|.*sh) are correctly flagged as dangerous patterns, allowing arbitrary curl/wget GET requests is broader than necessary for a read-only monitoring skill.
"curl -s", "curl -X GET", "wget -q",
→ Restrict curl/wget to only the openclaw CLI and internal tool calls if network access is not a required capability
 tools/permission_manager.py:48
低危
slash_commands.py references removed stream_exec.py
The tools list in slash_commands.py still includes 'stream_exec.py — 流式执行' even though this file was removed in v1.0.7.
("stream_exec.py", "流式执行"),
→ Remove the stream_exec.py entry from the tools list
 tools/slash_commands.py:93
提示
subprocess usage not declared in SKILL.md
Multiple tools (token_budget.py, cost_tracker.py, compaction_manager.py, slash_commands.py) invoke subprocess.run(['openclaw','status']) to read session state. SKILL.md does not declare any subprocess usage.
subprocess.run(["openclaw", "status"], capture_output=True, text=True, timeout=30)
→ Add a note in SKILL.md that tools may invoke 'openclaw status' as a read-only operation to read session context
 tools/token_budget.py:40
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✓ 一致 memory_manager.py, memory_relevance.py, dream_consolidation.py all write to ~/.o…
网络访问 NONE NONE No network I/O detected in any tool. subprocess calls only invoke 'openclaw stat…
命令执行 NONE READ ✓ 一致 install.sh and launch.sh execute but only for installation and tool dispatch; SK…
环境变量 NONE NONE No environment variable access observed
技能调用 NONE NONE No cross-skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser access
数据库 NONE NONE No database access

目录结构

16 文件 · 111.2 KB · 3550 行
Python 11f · 3252L Shell 3f · 135L Markdown 1f · 128L JSON 1f · 35L
├─ 📁 tools
│ ├─ 🔧 check_permission.sh Shell 30L · 596 B
│ ├─ 🐍 compaction_manager.py Python 456L · 16.2 KB
│ ├─ 🐍 coordinator.py Python 221L · 7.4 KB
│ ├─ 🐍 cost_tracker.py Python 204L · 7.2 KB
│ ├─ 🐍 dream_consolidation.py Python 315L · 9.4 KB
│ ├─ 🐍 feature_flags.py Python 222L · 6.9 KB
│ ├─ 🐍 memory_manager.py Python 232L · 7.0 KB
│ ├─ 🐍 memory_relevance.py Python 305L · 9.2 KB
│ ├─ 🐍 permission_manager.py Python 475L · 14.3 KB
│ ├─ 🐍 slash_commands.py Python 307L · 9.4 KB
│ ├─ 🔑 token_budget.py Python 247L · 7.7 KB
│ └─ 🐍 tool_tracker.py Python 268L · 8.9 KB
├─ 🔧 install.sh Shell 31L · 742 B
├─ 🔧 launch.sh Shell 74L · 2.0 KB
├─ 📝 SKILL.md Markdown 128L · 3.4 KB
└─ 📋 version.json JSON 35L · 1004 B

安全亮点

✓ No network exfiltration or data theft behavior detected
✓ No credential harvesting (no access to ~/.ssh, ~/.aws, .env)
✓ No base64/eval obfuscation or obfuscated payloads
✓ No reverse shell or C2 infrastructure indicators
✓ No curl|bash or wget|sh remote script execution
✓ Dangerous functionality (stream_exec) was actively removed in recent version
✓ dream_consolidation defaults to dry-run mode and requires --force flag to delete
✓ Configuration files are scoped to the skill directory (~/.openclaw/bw-openclaw-boost/) not system-wide
✓ Permission manager correctly identifies and blocks fork bombs, rm -rf, dd block writes
✓ All openclaw CLI invocations are read-only (status, cron list) as documented