中文 EN

扫描报告

扫描新文件

高风险 — 风险评分 65/100
上次扫描:1 天前 重新扫描
65 /100
task-progress-stream
Stream long-running task progress into the OpenClaw chat UI
The skill executes arbitrary shell commands through user-controlled input without declaring shell:WRITE capability in SKILL.md, representing a significant undeclared privilege escalation vector.
技能名称task-progress-stream
分析耗时30.7s
引擎pi
不要安装此技能
Do not approve this skill without declaring shell:WRITE capability. The --cmd parameter allows arbitrary command execution which could be exploited for privilege escalation.

攻击链 3 步

提权 User invokes skill with --cmd parameter
scripts/task_progress_stream.js:265
提权 Arbitrary command passed to /bin/bash -lc without validation
scripts/task_progress_stream.js:285
影响 Attacker can run: curl|bash from external source, pip install malicious packages, or access system resources
scripts/task_progress_stream.js:285

安全发现 3 项

严重性 安全发现 位置
高危
Undeclared shell command execution 权限提升
The skill accepts a --cmd parameter that is passed directly to /bin/bash without any validation or sanitization. This allows execution of arbitrary shell commands, which is not declared in SKILL.md's allowed tools or capability model.
const child = spawn('/bin/bash', ['-lc', cmd], { cwd, stdio: ['ignore', 'pipe', 'pipe'], detached: true });
→ Declare shell:WRITE capability in SKILL.md metadata, or restrict to specific safe commands, or implement command allowlisting.
 scripts/task_progress_stream.js:285
高危
No command validation or sanitization 权限提升
The user-supplied command string is executed verbatim through bash -lc without any checks for dangerous operations (pip install, curl|bash, etc.).
spawn('/bin/bash', ['-lc', cmd]
→ Implement input validation or use spawn with argument array instead of shell evaluation to prevent command injection.
 scripts/task_progress_stream.js:285
中危
Filesystem write operations not declared 文档欺骗
The skill writes status JSON, Markdown, and log files to a configurable outDir but this filesystem:WRITE usage is not documented.
writeJson(files.json, state); writeText(files.md, renderStatusMarkdown(state));
→ Document filesystem:WRITE usage in SKILL.md or use a temporary directory with auto-cleanup.
 scripts/task_progress_stream.js:234
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✗ 越权 scripts/task_progress_stream.js:285 - spawn('/bin/bash', ['-lc', cmd])
文件系统 NONE WRITE ✗ 越权 scripts/task_progress_stream.js:279-281 - creates outDir and status files
网络访问 NONE NONE openclaw gateway call is local IPC only

目录结构

2 文件 · 14.0 KB · 528 行
JavaScript 1f · 473L Markdown 1f · 55L
├─ 📁 scripts
│ └─ 📜 task_progress_stream.js JavaScript 473L · 12.9 KB
└─ 📝 SKILL.md Markdown 55L · 1.1 KB

安全亮点

✓ No credential harvesting - script does not read API keys, tokens, or passwords
✓ No data exfiltration - only local IPC with openclaw gateway, no external network requests
✓ No obfuscation - code is readable JavaScript without base64 or eval() tricks
✓ No malicious dependencies - no package.json with untrusted packages
✓ Progress parsing is legitimate functionality as documented