中文 EN

Scan Report

Scan New Files

This report was generated in Chinese. Some content may be in Chinese.
Trusted — Risk Score 5/100
Last scan:4 hr ago Rescan
5 /100
gateway-monitor-macos
Install and operate a local OpenClaw Gateway Monitor stack on macOS with LaunchAgent + watchdog
Gateway Monitor macOS 技能 — 合法本地监控工具,server.js 实现的监控/仪表盘功能符合 SKILL.md 声明,execSync 调用的 openclaw CLI 是预期的网关管理行为,MiniMax API 调用服务于用量追踪功能,无阴影行为或凭证外泄。
Skill Namegateway-monitor-macos
Duration56.3s
Enginepi
ClawHub Gateway Monitor (macOS) v1.1.1 by yes999zc
📥 400 📦 1
ClawHub Verdict Suspicious dangerous_execenv_credential_accessllm_suspiciouspotential_exfiltrationvt_suspicious
Safe to install
可直接使用。建议:增加 allowedTools 声明(filesystem:WRITE、shell:WRITE、network:READ、environment:READ);config restore 端点建议仅本地访问。

Findings 2 items

Severity Finding Location
Low
SKILL.md 缺少 declared permissions 声明 Priv Escalation
SKILL.md 没有声明 allowedTools;server.js 实际使用了 shell:WRITE(execSync)、filesystem:WRITE、network:READ、environment:READ、browser:READ(HTTP 服务)。这属于权限声明宽泛但不构成恶意。
声明缺失,无 declared permissions 字段
→ 在 SKILL.md 添加 allowedTools: ['Bash', 'Read', 'Write', 'WebFetch'] 声明
 SKILL.md:1
Low
config restore API 端点可覆盖用户 openclaw.json Sensitive Access
/api/restore-config 端点(GET, 需要 ?confirm=true)将 config-backups 目录中的备份文件复制到 ~/.openclaw/openclaw.json,存在覆盖用户配置的潜在风险,但需要攻击者已有机器访问权限。
fs.copyFileSync(backupPath, openclawJsonPath)
→ 该端点应限制为本地 127.0.0.1 访问,或增加额外鉴权
 assets/gateway-monitor/server.js:1796
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✗ Violation assets/gateway-monitor/server.js:line ~280(fs.copyFileSync ~/.openclaw/config-ba…
Shell NONE WRITE ✗ Violation assets/gateway-monitor/server.js:303(execSync openclaw status --json); assets/ga…
Network NONE READ ✗ Violation assets/gateway-monitor/server.js:29(fetchJson minimaxi.com); server.js:32(fetchJ…
Environment NONE READ ✗ Violation assets/gateway-monitor/server.js:269(process.env.MINIMAX_CP_KEY); server.js:20(p…
Skill Invoke NONE NONE N/A
Clipboard NONE NONE N/A
Browser NONE READ ✗ Violation assets/gateway-monitor/server.js:1883(server.listen PORT '0.0.0.0')提供 HTTP 服务端
Database NONE NONE N/A
4 findings
🔗
Medium External URL 外部 URL
https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains
assets/gateway-monitor/server.js:29
🔗
Medium External URL 外部 URL
http://127.0.0.1:9981/v1/models
assets/gateway-monitor/server.js:32
🔗
Medium External URL 外部 URL
http://127.0.0.1:9981
assets/gateway-monitor/server.js:154
🔗
Medium External URL 外部 URL
http://www.apple.com/DTDs/PropertyList-1.0.dtd
scripts/install.sh:44

File Tree

8 files · 127.9 KB · 3870 lines
JavaScript 1f · 1974L HTML 1f · 1642L Shell 4f · 186L Markdown 2f · 68L
├─ 📁 assets
│ └─ 📁 gateway-monitor
│ ├─ 📁 public
│ │ └─ 📄 index.html HTML 1642L · 62.8 KB
│ ├─ 🔧 gateway-watchdog.sh Shell 33L · 1.5 KB
│ └─ 📜 server.js JavaScript 1974L · 57.9 KB
├─ 📁 scripts
│ ├─ 🔧 install.sh Shell 120L · 3.3 KB
│ ├─ 🔧 status.sh Shell 17L · 417 B
│ └─ 🔧 uninstall.sh Shell 16L · 452 B
├─ 📝 README.md Markdown 22L · 464 B
└─ 📝 SKILL.md Markdown 46L · 1.0 KB

Security Positives

✓ 代码结构清晰,无混淆、无 base64 执行、无 eval
✓ server.js 对外网络请求(MiniMax)服务于用量查询功能,与 openclaw gateway 监控定位一致
✓ MiniMax API key 来自本地 env 或 auth-profile,读取后仅用于用户自身用量查询,无外传行为
✓ execSync 调用的命令均为 openclaw CLI(status/restart),是声明的网关管理行为
✓ install.sh 幂等,备份机制完善(config-backups),卸载干净
✓ watchdog.sh 为标准 LaunchAgent 健康检查,符合 macOS 运维最佳实践
✓ 无 SSH 密钥、.env、AWS 凭证等敏感文件访问
✓ SSE 流、轮询均为标准监控实现,无异常通信