Security Decision Report

Bitget Trader

Legitimate cryptocurrency trading automation for Bitget exchange with critically sensitive API credentials embedded in plaintext config files, representing significant credential theft risk if compromised.

Install decision first · Source: manual upload · Scan time: 2026/4/4
Files: 137
IOCs: 10
Privilege violations: 2
Findings: 4
Most direct threat evidence
Critical · Credential theft
Exposed API Credentials in Plaintext

Real Bitget exchange API credentials (apiKey, secretKey, passphrase) are embedded in plaintext in config.json and multi_agent_config.json. These credentials enable spot trading and could be harvested for unauthorized trading or fund theft.

config.json:1

Why this conclusion was reached

2 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or privilege violations beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 10 general-risk artifacts; these need to be judged in context.

Block
Attack chain and high-risk findings

The report contains a 3-step attack chain and 1 additional high or critical finding.

Pass
Dependency and supply-chain hygiene

A dependency structure exists, but no obvious high-risk alerts have been seen so far.

Attack chain

01
Attacker gains read access to workspace directory

reconnaissance · config.json:1

02
Extracts plaintext API credentials from config.json or multi_agent_config.json

final impact · config.json:2

03
Uses harvested credentials to execute unauthorized trades on Bitget exchange

final impact · api.bitget.com

How the risk score was driven up

Exposed API credentials in config files +25

Real Bitget API keys, secret keys, and passphrase embedded in plaintext in config.json and multi_agent_config.json

No declared credential handling policy +10

SKILL.md instructs users to save credentials but doesn't warn about security implications

Legitimate shell execution via child_process +5

execSync used in setup-cron.js and bitget-cli.js for running openclaw commands, documented but broad

Network access to legitimate API only -5

All network requests go to api.bitget.com - no suspicious external connections

Key evidence

Critical · Credential theft

Exposed API Credentials in Plaintext

Real Bitget exchange API credentials (apiKey, secretKey, passphrase) are embedded in plaintext in config.json and multi_agent_config.json. These credentials enable spot trading and could be harvested for unauthorized trading or fund theft.

config.json:1
Use environment variables (BITGET_API_KEY, BITGET_SECRET_KEY) instead of storing credentials in files. Add config.json to .gitignore immediately.
Medium · Documentation deception

Network Capability Mismatch

SKILL.md declares network:READ but the scripts perform POST requests to place/cancel orders, representing WRITE operations on the exchange.

SKILL.md:1
Update SKILL.md to declare network:WRITE permission and document all trading capabilities
Medium · Privilege escalation

Undeclared Shell Execution

setup-cron.js and bitget-cli.js use execSync to run openclaw CLI commands and spawn Node.js scripts. This shell:WRITE capability is not declared in SKILL.md.

setup-cron.js:28
Document shell execution requirements in SKILL.md if intentional, or refactor to use native Node.js APIs
Low · Supply chain

HttpsProxyAgent Dependency

Some scripts reference https-proxy-agent package for proxy support, but this external dependency is not declared in any requirements.txt or package.json.

rebalance.js:8
Create package.json to document all dependencies and versions

Declared vs. actual capabilities

File system · Pass · Declared: READ · Inferred: READ · All scripts read config.json and grid_settings.json
Network access · Block · Declared: READ · Inferred: WRITE · Places/cancels orders, not just reads data
Command execution · Block · Declared: NONE · Inferred: WRITE · setup-cron.js:28, bitget-cli.js:89 use execSync
Skill invocation · Pass · Declared: NONE · Inferred: READ · CLI dispatches to other scripts via execSync

Suspicious artifacts and outbound connections

Medium · External URL
https://api.bitget.com/api/v2/spot/market/tickers?symbol=SOLUSDT

GRID_STATUS_2026-03-17_2208.md:117

Medium · External URL
https://www.bitget.com

MANUAL_SETUP.md:26

Medium · External URL
https://api.bitget.com

MULTI_AGENT_SETUP_GUIDE.md:331

Medium · External URL
https://www.google.com

MULTI_AGENT_TEST_REPORT_2026-03-17.md:189

Medium · External URL
https://www.investopedia.com/

QUANT_SYSTEM.md:233

Medium · External URL
https://www.quantconnect.com/

QUANT_SYSTEM.md:234

Medium · External URL
http://127.0.0.1:7897

README.md:242

Medium · External URL
https://api.bitget.com$

dynamic-adjust-v2.js:14

Medium · External URL
https://api.binance.com/api/v3/klines?symbol=$

dynamic-adjust.js:16

Medium · External URL
https://api.binance.com/api/v3/ticker/price?symbol=$

dynamic-adjust.js:45

Dependencies and supply chain

Package · Version · Source · Vulnerabilities · Notes
https-proxy-agent · unknown · implicit · (none listed) · Referenced in code but not in declared dependencies
Node.js built-ins · N/A · stdlib · (none listed) · fs, crypto, path, https, http, child_process

File composition

137 files · 22340 lines
JavaScript · 74 files · 13942 lines
Markdown · 39 files · 7314 lines
JSON · 21 files · 1007 lines
Shell · 3 files · 77 lines
Files needing attention · 3
config.json · JSON · 6 lines
Exposed API Credentials in Plaintext
dynamic-adjust-v2.js · JavaScript · 326 lines
https://api.bitget.com$
dynamic-adjust.js · JavaScript · 310 lines
https://api.binance.com/api/v3/klines?symbol=$ · https://api.binance.com/api/v3/ticker/price?symbol=$
Other files · smart-grid.js · multi_agent_controller.js · quant-trader.js · apply-scheme-a-final.js · deploy-highfreq-grids.js · trade-analyzer.js +3

Security highlights

All network requests go to legitimate Bitget API (api.bitget.com)
No base64-encoded malicious code or obfuscation detected
No remote code execution via curl|bash patterns
No credential exfiltration to external servers
HMAC-SHA256 API request signing is implemented correctly
No hidden backdoor functionality discovered
No evidence of C2 communication or data theft
No sensitive file access (.ssh, .aws, .env) beyond documented config paths