ai-orchestrator 安全扫描报告 — 低风险 | ClawSafe

20 /100

ai-orchestrator

DeepSeek AI via Puppeteer + CDP interceptor with persistent daemon, session persistence, diagnostics, and PM2 management

The skill is a legitimate DeepSeek AI browser automation tool using Puppeteer with proper documentation. High-risk IOCs flagged by pre-scan are false positives from pattern matching.

技能名称ai-orchestrator

分析耗时59.6s

引擎pi

✓

可以安装

The skill can be used safely. Consider pinning puppeteer versions for improved supply-chain security.

安全发现 4 项

严重性	安全发现	位置
低危	Pre-scan IOC: Dangerous rm command flagged Pattern matcher flagged 'rm -rf /' at line 133, but actual code shows 'rm -rf /dev/shm/.com.google.Chrome.' - legitimate Chrome lock file cleanup in /dev/shm and /tmp only execSync(`rm -rf /dev/shm/.com.google.Chrome. 2>/dev/null \|\| true`) → False positive - no action needed. Command is properly scoped to temporary Chrome lock files.	`ask-puppeteer.js:133`
低危	Pre-scan IOC: Base64 encoding pattern Buffer.from(body, 'base64') flagged as potential obfuscation. This is legitimate CDP network response body decoding - necessary for API response interception `body = Buffer.from(body, 'base64').toString('utf8')` → False positive - base64 decoding is standard for CDP response handling, not code obfuscation	`ask-puppeteer.js:557`
提示	Hardcoded user agent string User agent masquerades as regular Chrome browser, which is standard practice for browser automation `'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36'` → Standard automation practice - no security concern for this use case	`ask-puppeteer.js:710`
提示	Dependency versions not strictly pinned puppeteer: ^24.40.0 allows minor/patch updates `"puppeteer": "^24.40.0"` → Consider pinning to specific versions for improved supply-chain security	`package.json:14`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	Uses fs.writeFileSync for session files, cache, and diagnostics - all within ski…
网络访问	`READ`	`READ`	✓ 一致	Only connects to https://chat.deepseek.com/, uses CDP for API interception
命令执行	`WRITE`	`WRITE`	✓ 一致	Limited execSync for Chrome process cleanup and lock file removal - scoped to br…
浏览器	`WRITE`	`WRITE`	✓ 一致	Puppeteer browser automation - declared as core functionality

2 严重 1 高危 4 项发现

💀

严重危险命令危险 Shell 命令

rm -rf /

ask-puppeteer.js:133

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(body, 'base64'

ask-puppeteer.js:557

📡

高危 IP 地址硬编码 IP 地址

131.0.0.0

ask-puppeteer.js:710

🔗

中危外部 URL 外部 URL

https://chat.deepseek.com/

ask-puppeteer.js:215

目录结构

10 文件 · 167.1 KB · 4243 行

JavaScript 5f · 2436L JSON 2f · 1221L Markdown 2f · 427L Shell 1f · 159L

├─ 🔧 ask-deepseek.sh Shell 159L · 5.8 KB

├─ 📜 ask-puppeteer.js JavaScript 1693L · 69.7 KB

├─ 📜 auth-check.js JavaScript 215L · 8.7 KB

├─ 📜 daemon-healthcheck.js JavaScript 292L · 10.6 KB

├─ 📜 deepseek-daemon.js JavaScript 80L · 2.8 KB

├─ 📜 diagnostics.js JavaScript 156L · 8.5 KB

├─ 📋 package-lock.json JSON 1199L · 42.2 KB

├─ 📋 package.json JSON 22L · 707 B

├─ 📝 REFERENCE.md Markdown 323L · 15.0 KB

└─ 📝 SKILL.md Markdown 104L · 3.0 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`puppeteer`	`^24.40.0`	npm	否	Version not strictly pinned, allows minor updates
`puppeteer-core`	`^24.40.0`	npm	否	Version not strictly pinned

安全亮点

✓ No credential harvesting - script does not access ~/.ssh, ~/.aws, .env, or similar sensitive paths

✓ No data exfiltration - all data stays local, only connects to DeepSeek API

✓ Shell execution is limited to browser cleanup tasks, not arbitrary command execution

✓ Session data stored locally in skill directory only

✓ Proper error handling with try/catch throughout

✓ Rate limiting implemented to prevent abuse

✓ No eval(), no remote script execution (curl|bash pattern absent)

✓ No hidden functionality - code behavior matches SKILL.md documentation