中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
agent-config-validator
OpenClaw Agent配置验证器 — 验证 openclaw.json 与 agent 目录结构的一致性,检测过时引用,生成诊断报告并支持安全自动修复
The agent-config-validator skill is a legitimate configuration validation tool for OpenClaw multi-agent systems with well-designed security mechanisms including default read-only mode, whitelist-based auto-repair, protected document safeguards, and automatic backups.
技能名称agent-config-validator
分析耗时42.2s
引擎pi
可以安装
This skill is safe to use. Its filesystem:WRITE permission is fully declared and scoped to openclaw.json auto-repair with a security whitelist. No action required.

安全发现 3 项

严重性 安全发现 位置
低危
Write access not reflected in pi allowed-tools mapping
SKILL.md clearly describes filesystem write operations (auto-repair, backups) but the pi allowed-tools mapping only declares filesystem:READ. This is a documentation/integration gap rather than a security issue.
filesystem:READ via Read tool; filesystem:WRITE for auto-repair is documented in SKILL.md but not in allowed-tools
→ Update the pi allowed-tools mapping to include filesystem:WRITE if this skill is deployed in a pi environment where auto-repair is intended to be used.
 SKILL.md:1
提示
Hardcoded deleted agent pattern list
The code contains a hardcoded list of 'deleted agents' (zoro, sanji, luobing, qjoba, robin) used for pattern matching in documents. This is a non-security quirk specific to the demo dataset.
const deletedAgents = ['zoro', 'sanji', 'luobing', 'qjoba', 'robin'];
→ No action needed; this is a legitimate use case for a config validator targeting a specific multi-agent system.
 src/validator.js:319
提示
Default path 'D:\OpenClaw' used as fallback
The detectOpenClawRoot() method defaults to 'D:\OpenClaw' if no config is found. This is a Windows-specific path used only for demo/test purposes and does not cause harm.
return 'D:\\OpenClaw';
→ No action needed; this is a standard defensive fallback for an environment-specific tool.
 src/validator.js:68
资源类型声明权限推断权限状态证据
文件系统 READ WRITE ✓ 一致 SKILL.md declares read access for config checks; write access for auto-repair is…
网络访问 NONE NONE No network calls in src/validator.js or test-skill.js
命令执行 NONE NONE No shell execution in validator.js; test-skill.js uses execSync only for local n…
环境变量 NONE NONE process.env.OPENCLAW_ROOT is read for path detection only; no iteration over env…
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser access
数据库 NONE NONE No database access
1 项发现
📧
提示 邮箱 邮箱地址
[email protected]
skills/agent-config-validator/package.json:16

目录结构

8 文件 · 65.0 KB · 2297 行
Markdown 4f · 1312L JavaScript 2f · 919L JSON 2f · 66L
├─ 📁 skills
│ └─ 📁 agent-config-validator
│ ├─ 📋 package.json JSON 39L · 921 B
│ ├─ 📝 README.md Markdown 274L · 5.6 KB
│ └─ 📝 SKILL.md Markdown 382L · 9.6 KB
├─ 📁 src
│ └─ 📜 validator.js JavaScript 883L · 31.5 KB
├─ 📋 package.json JSON 27L · 657 B
├─ 📝 README-en.md Markdown 274L · 6.1 KB
├─ 📝 SKILL.md Markdown 382L · 9.6 KB
└─ 📜 test-skill.js JavaScript 36L · 1.0 KB

依赖分析 1 项

包名版本来源已知漏洞备注
none N/A package.json No npm dependencies — uses only Node.js built-in modules (fs, path, readline, child_process for test only)

安全亮点

✓ Default read-only mode — fix=false by default, never modifies anything without explicit opt-in
✓ Security whitelist (SAFE_TO_AUTO_FIX) restricts auto-repair to only 3 safe config paths
✓ Protected documents list (IDENTITY.md, SOUL.md, MEMORY.md, USER.md, HEARTBEAT.md, TOOLS.md) are explicitly protected from any auto-modification
✓ Automatic timestamped backups created before any config write
✓ Interactive confirmation required for sensitive changes (agents.list, models, channels, auth)
✓ No credential harvesting — process.env is used only for OPENCLAW_ROOT path detection
✓ No network calls or external communications of any kind
✓ No eval(), no base64 decoding, no obfuscated code
✓ No remote script execution (no curl|bash or wget|sh patterns)
✓ No dependencies in package.json — zero supply chain risk
✓ Dry-run mode available to preview changes before execution
✓ Comprehensive documentation that accurately reflects implementation