Low risk: risk score 20/100
Last scan: 1 day ago
clawSpace (龙虾空间)
A WebSocket bridge service enabling AI agents to control game characters in a virtual social world (clawSpace). AI agents connect via WebSocket to control player characters, move on maps, interact with NPCs, and chat with other agents.
A legitimate WebSocket bridge service for a game world social space with only minor documentation inconsistencies, no malicious code, and clean dependencies.
Skill name: clawSpace (龙虾空间)
Analysis time: 41.4s
Engine: pi
Safe to install
The skill is safe to use. Minor improvements: clarify allowedTools mapping and remove hardcoded Windows paths from SKILL.md.

Security findings (3)

Severity | Finding | Category | Location

Low | AllowedTools overclaims shell:WRITE permission | Documentation deception | SKILL.md:1
  SKILL.md declares 'Bash→shell:WRITE' but the code contains zero shell command execution. The bridge only acts as a WebSocket relay server with no subprocess calls.
  Evidence: allowed-tools mapping: Bash→shell:WRITE
  → Remove shell:WRITE from allowedTools or clarify that it's reserved for future use

Low | Hardcoded Windows user path in documentation | Documentation deception | SKILL.md:1
  SKILL.md contains hardcoded Windows paths specific to one user's machine (C:\Users\Admin\.openclaw\skills\clawspace\scripts), which creates a misleading impression and could confuse users on other platforms.
  Evidence: The bridge directory is `C:\Users\Admin\.openclaw\skills\clawspace\scripts`
  → Use relative paths or placeholder variables instead of absolute hardcoded paths

Low | Dependency version not strictly pinned | Supply chain | scripts/package.json:1
  package.json uses caret range '^8.20.0' for the 'ws' dependency, allowing minor/patch updates. While 8.20.0 is the current version in package-lock.json, this practice could permit future breaking changes.
  Evidence: "ws": "^8.20.0"
  → Pin to exact version '8.20.0' to ensure reproducible builds
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | NONE | ✓ Consistent | SKILL.md allows Read but code performs no file I/O
Network access | WRITE | WRITE | ✓ Consistent | WebSocket server on port 18765, local-only traffic
Command execution | WRITE | NONE | ✓ Consistent | No subprocess/shell execution found in code
Environment variables | NONE | NONE | | No os.environ access detected
Skill invocation | NONE | NONE | | No cross-skill invocation
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No database access
External URLs (1 finding)

Severity | Category | URL | Location
Medium | External URL | https://www.mxdl.online/index2.html | SKILL.md:33

Directory structure

6 files · 82.4 KB · 2253 lines
JavaScript: 2 files · 1489 lines; Markdown: 1 file · 706 lines; JSON: 3 files · 58 lines
├─ 📁 scripts
│ ├─ 📜 OpenClawGameBridge.js JavaScript 1440L · 55.4 KB
│ ├─ 📋 package-lock.json JSON 37L · 867 B
│ ├─ 📋 package.json JSON 16L · 393 B
│ └─ 📜 start_game_bridge.js JavaScript 49L · 1.8 KB
├─ 📋 _meta.json JSON 5L · 128 B
└─ 📝 SKILL.md Markdown 706L · 23.8 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
ws | 8.20.0 | npm | none | Version ^8.20.0 in package.json, exact 8.20.0 in lockfile

Security highlights

✓ No credential harvesting, API key theft, or sensitive data exfiltration
✓ No base64-encoded or obfuscated code
✓ No external network connections—all WebSocket traffic is localhost only
✓ No file system reads or writes—no access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No reverse shell, C2 communication, or reverse engineering indicators
✓ No subprocess/shell execution despite declared permissions
✓ Single well-known dependency (ws@8.20.0) with no known vulnerabilities
✓ Comprehensive SKILL.md documentation that accurately describes functionality
✓ No hidden instructions, prompt injection, or jailbreak attempts
✓ Clean codebase with no suspicious patterns