中文 EN
Start Review
Skill Trust Decision

agent-kanban

Agent 监控面板工具,存在硬编码 Gateway Token 和依赖版本未锁定问题,但功能本身是合法的本地监控工具,无外部数据外泄证据

Install decision first Source: Manual upload Scanned: Apr 5, 2026
Files 6
Artifacts 6
Violations 1
Findings 3
Most direct threat evidence
High Credential Theft
硬编码 Gateway Token

config.js 中硬编码了真实的 Gateway Token (c80aa67f773b3045792ba7afbf2e22fc09cb7b37c63019e3),敏感凭证存储在代码中而非环境变量或配置文件

assets/agent-kanban/config.js:36

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

6 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe findings.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issues need attention.

What drove the risk score up

硬编码敏感凭证 +20

config.js:36 硬编码了真实的 Gateway Token,属于敏感凭证存储在代码中

依赖版本未锁定 +10

package.json 中 express 使用 ^4.18.2,未锁定具体版本,存在供应链风险

文档与实现不符 +10

SKILL.md 声称 'auto-loaded from openclaw.json',但代码中存在硬编码 token

Most important evidence

High Credential Theft

硬编码 Gateway Token

config.js 中硬编码了真实的 Gateway Token (c80aa67f773b3045792ba7afbf2e22fc09cb7b37c63019e3),敏感凭证存储在代码中而非环境变量或配置文件

assets/agent-kanban/config.js:36
将 token 字段设为空字符串或移除,强制从 openclaw.json 读取,添加注释说明配置方法
Medium Supply Chain

Express 依赖版本未锁定

package.json 中 express 版本为 ^4.18.2,使用 caret 允许次版本升级,可能引入恶意版本

assets/agent-kanban/package.json:10
锁定具体版本如 4.18.2,定期检查安全公告
Medium Doc Mismatch

文档声明与实现不符

SKILL.md 声称 'Gateway Token is auto-loaded from ~/.openclaw/openclaw.json - no manual configuration required',但 config.js 中存在硬编码 token,可能误导用户认为不需要配置

SKILL.md:72
更新文档说明:开发环境使用 config.local.js,生产环境应从 openclaw.json 读取

Declared capability vs actual capability

Filesystem Pass
Declared READ
Inferred READ
server.js:116 读取 openclaw.json,server.js:195 读取 agent workspace 文件
Network Pass
Declared READ
Inferred READ
server.js:56 访问 Gateway API (127.0.0.1:18789),仅本地通信
Shell Pass
Declared NONE
Inferred NONE
无 shell 执行代码,仅通过 Gateway API 通信
Environment Pass
Declared NONE
Inferred NONE
仅读取 HOME 环境变量用于拼接路径,无敏感环境变量访问
credential Block
Declared NONE
Inferred WRITE
config.js:36 硬编码 Gateway Token,凭证被写入代码文件

Suspicious artifacts and egress

Medium External URL
http://127.0.0.1:18789

SKILL.md:72

Medium External URL
https://registry.npmmirror.com/react/18/files/umd/react.production.min.js

assets/agent-kanban/public/index.html:411

Medium External URL
https://registry.npmmirror.com/react-dom/18/files/umd/react-dom.production.min.js

assets/agent-kanban/public/index.html:412

Medium External URL
https://api.dicebear.com/7.x/pixel-art/svg?seed=$

assets/agent-kanban/public/index.html:434

Medium External URL
https://img.shields.io/badge/style-Bloomberg%20Terminal-orange

references/README.md:5

Medium External URL
http://127.0.0.1:18789/tools/invoke

references/README.md:139

Dependencies and supply chain

PackageVersionSourceKnown vulnNotes
express ^4.18.2 npm No 版本未锁定,使用 caret 允许升级

File composition

6 files · 1863 lines
HTML 1 files · 1098 linesMarkdown 2 files · 403 linesJavaScript 2 files · 350 linesJSON 1 files · 12 lines
Files of concern · 5
assets/agent-kanban/public/index.html HTML · 1098 lines
https://registry.npmmirror.com/react/18/files/umd/react.production.min.js · https://registry.npmmirror.com/react-dom/18/files/umd/react-dom.production.min.js · https://api.dicebear.com/7.x/pixel-art/svg?seed=$
SKILL.md Markdown · 205 lines
文档声明与实现不符 · http://127.0.0.1:18789
references/README.md Markdown · 198 lines
https://img.shields.io/badge/style-Bloomberg%20Terminal-orange · http://127.0.0.1:18789/tools/invoke
assets/agent-kanban/config.js JavaScript · 51 lines
硬编码 Gateway Token
assets/agent-kanban/package.json JSON · 12 lines
Express 依赖版本未锁定
Other files · server.js

Security positives

功能定位清晰 - Agent 监控面板,合法用途
无外部数据外泄 - 所有网络请求仅访问本地 Gateway
无代码混淆 - 代码清晰可读,无 base64 编码或混淆
无 shell 执行 - 不执行外部命令,安全性高
无反分析技术 - 无反调试或反虚拟机检测
无持久化后门 - 无计划任务或开机启动配置