Suspicious: risk score 50/100
Last scan: 1 day ago
Grok Swarm
Multi-agent intelligence powered by Grok 4.20 Multi-Agent Beta for code analysis, refactoring, generation, and complex reasoning
Grok Swarm skill contains undocumented credential access from OpenClaw auth profiles and shell execution via --execute flag, with unpinned dependencies creating supply chain risk.
Skill name: Grok Swarm
Analysis time: 57.8s
Engine: pi
Verdict: use with caution
Add explicit documentation of credential access sources and shell execution capability in SKILL.md. Pin openai dependency to a specific version. Consider restricting --execute to documented safe commands.

Security findings (3)

Severity / Finding / Location

[Medium] Undeclared credential access from OpenClaw auth profiles (category: documentation deception)
grok_bridge.py reads API keys from multiple OpenClaw auth profile locations (~/.openclaw/agents/*/auth-profiles.json), but this credential-harvesting behavior is not declared in SKILL.md.
Evidence: auth_paths = [Path.home() / ".openclaw" / "agents" / "coder" / "agent" / "auth-profiles.json", ...]
→ Document all credential sources in SKILL.md, or limit reads to explicitly user-configured paths only
Location: bridge/grok_bridge.py:65

[Medium] Undeclared arbitrary shell command execution (category: code execution)
cli.py provides an --execute/-e flag that runs arbitrary shell commands via subprocess with shell=True. This is a powerful RCE capability that is not mentioned in SKILL.md.
Evidence: subprocess.run(args.execute, shell=True, capture_output=True, text=True, timeout=300)
→ Either document this capability prominently in SKILL.md or restrict it to a whitelist of safe commands
Location: bridge/cli.py:130

[Low] Unpinned dependency with loose version constraint (category: supply chain)
install.sh installs openai>=1.0.0 with no upper bound or exact version pin, so any future malicious or buggy release would be installed.
Evidence: pip install -q openai>=1.0.0
→ Pin to a specific version: openai==1.60.0 or similar
Location: install.sh:47
Permission comparison

Resource type / Declared permission / Inferred permission / Status / Evidence
File system: declared READ, inferred WRITE; ✓ consistent. SKILL.md states 'File Writing' feature
Network access: declared READ, inferred READ; ✓ consistent. openrouter.ai API calls documented in SKILL.md
Command execution: declared NONE, inferred WRITE; ✗ exceeds declared. cli.py:130 subprocess.run with shell=True for --execute flag
Environment variables: declared NONE, inferred READ; ✗ exceeds declared. grok_bridge.py:49 reads OPENROUTER_API_KEY and XAI_API_KEY; reads ~/.openclaw/*/…
Skill invocation: declared NONE, inferred NONE. No skill invocation detected
External URLs (1 finding)

[Medium] External URL
https://openrouter.ai/api/v1
bridge/grok_bridge.py:29

Directory structure

7 files · 39.0 KB · 1255 lines
Python 3 files · 851 lines; JavaScript 1 file · 204 lines; Markdown 1 file · 89 lines; Shell 1 file · 84 lines; JSON 1 file · 27 lines
├─ 📁 bridge
│ ├─ 🐍 apply.py Python 190L · 5.6 KB
│ ├─ 🐍 cli.py Python 269L · 9.3 KB
│ ├─ 🐍 grok_bridge.py Python 392L · 13.6 KB
│ └─ 📜 index.js JavaScript 204L · 5.4 KB
├─ 🔧 install.sh Shell 84L · 2.4 KB
├─ 📋 openclaw.plugin.json JSON 27L · 837 B
└─ 📝 SKILL.md Markdown 89L · 1.9 KB

Dependency analysis (1)

Package / Version / Source / Known vulnerabilities / Notes
openai / >=1.0.0 / pip / (none listed) / Version not pinned - major supply chain risk

Security highlights

✓ Path traversal protection exists in file writing operations via _safe_dest() and relative_to() checks
✓ File writes default to dry-run mode unless --apply flag is explicitly provided
✓ Validates contained paths before writing to prevent directory escape
✓ API calls are to legitimate openrouter.ai endpoint, not hidden C2 infrastructure
✓ Morph LLM integration has path validation before file operations
✓ No base64 encoding, eval(), or obfuscation detected
✓ No direct IP network requests to suspicious destinations