中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:1 day ago Rescan
20 /100
clawtraces
Scan local OpenClaw session logs, convert to Anthropic trajectory format, and submit to collection server
A legitimate data collection tool for OpenClaw sessions with transparent declared behavior, HTTPS communications, and user confirmation workflows. Minor concerns around regex-only PII scrubbing and external data submission, but no malicious indicators found.
Skill Nameclawtraces
Duration61.8s
Enginepi
Safe to install
Approve for use with standard precautions. Ensure api.shixiann.com privacy policy is reviewed before submitting personal workspace files. Consider adding structured PII detection (e.g., presidio) instead of regex-only scrubbing.

Findings 3 items

Severity Finding Location
Low
User conversation data and workspace files uploaded to external server Data Exfil
The skill submits trajectory files (containing full conversation history, system prompts, tool usage) and workspace config files (SOUL.md, USER.md, memory/) to api.shixiann.com. While this is declared, users should verify the server's privacy posture.
url = f"{server_url}/upload"
→ Ensure api.shixiann.com has a publicly reviewed privacy policy. Users should understand what data leaves their machine before using this skill.
 scripts/submit.py, scripts/workspace_bundle.py:55
Low
Regex-only PII scrubber with limited pattern coverage Sensitive Access
pii_scrubber.py uses hardcoded regex patterns for phone numbers, emails, ID cards, bank cards, IPs, and API keys. Non-standard formats or domain-specific secrets (e.g., internal tokens, database passwords) will not be caught.
("手机号", re.compile(r"\+86\s*1[3-9]\d{9}(?!\d)"), "[PHONE]")
→ Consider integrating a structured PII detection library (e.g., Microsoft Presidio) or expanding regex patterns to cover additional credential formats.
 scripts/lib/pii_scrubber.py:10
Low
Workspace file upload scope is broader than session data Doc Mismatch
Step 4.5 collects SOUL.md, USER.md, AGENTS.md, BOUL.md, HEARTBEAT.md, IDENTITY.md, TOOLS.md, memory/*, cron/* and sessions.json. While declared in SKILL.md, the full content of workspace config files is broad and may include operational details not intended for sharing.
WORKSPACE_MD_FILES = ["SOUL.md", "USER.md", "TOOLS.md", "AGENTS.md", "BOOTSTRAP.md", "HEARTBEAT.md", "IDENTITY.md"]
→ Clearly inform users what types of information are in these files before consent is requested.
 scripts/workspace_bundle.py:24
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned SKILL.md declares session scanning; session_index.py reads ~/.openclaw/*
Network WRITE WRITE ✓ Aligned SKILL.md declares server submission; auth.py, submit.py POST to api.shixiann.com
Shell READ READ ✓ Aligned SKILL.md declares openclaw gateway restart; env_check.py modifies ~/.openclaw/op…
Environment READ READ ✓ Aligned OPENCLAW_STATE_DIR checked in workspace_bundle.py, session_index.py
Skill Invoke WRITE WRITE ✓ Aligned This is the skill itself; self-invocation is core functionality
Clipboard NONE NONE No clipboard access found in any script
Browser NONE NONE No browser automation found
Database NONE NONE No direct database access; only file-based session storage read
4 findings
🔗
Medium External URL 外部 URL
https://api.shixiann.com
scripts/lib/auth.py:67
🔗
Medium External URL 外部 URL
https://docs.openclaw.ai
scripts/lib/system_prompt_builder.py:693
🔗
Medium External URL 外部 URL
https://discord.com/invite/clawd
scripts/lib/system_prompt_builder.py:695
🔗
Medium External URL 外部 URL
https://clawhub.ai
scripts/lib/system_prompt_builder.py:696

File Tree

20 files · 181.0 KB · 4865 lines
Python 19f · 4444L Markdown 1f · 421L
├─ 📁 scripts
│ ├─ 📁 lib
│ │ ├─ 🐍 __init__.py Python 1L · 27 B
│ │ ├─ 🐍 auth.py Python 267L · 8.4 KB
│ │ ├─ 🐍 cache_trace.py Python 124L · 3.9 KB
│ │ ├─ 🐍 converter.py Python 317L · 10.6 KB
│ │ ├─ 🐍 dag.py Python 145L · 4.7 KB
│ │ ├─ 🐍 metadata_stripper.py Python 61L · 1.6 KB
│ │ ├─ 🐍 pii_scrubber.py Python 51L · 2.2 KB
│ │ ├─ 🐍 quality_checker.py Python 80L · 2.7 KB
│ │ ├─ 🐍 session_index.py Python 203L · 6.9 KB
│ │ ├─ 🐍 system_prompt_builder.py Python 848L · 35.1 KB
│ │ └─ 🐍 tool_registry.py Python 327L · 16.5 KB
│ ├─ 🐍 convert_to_openai.py Python 308L · 10.7 KB
│ ├─ 🐍 env_check.py Python 175L · 6.2 KB
│ ├─ 🐍 query.py Python 70L · 2.3 KB
│ ├─ 🐍 reasoning_stats.py Python 122L · 3.8 KB
│ ├─ 🐍 reject.py Python 96L · 3.1 KB
│ ├─ 🐍 scan_and_convert.py Python 534L · 20.3 KB
│ ├─ 🐍 submit.py Python 339L · 12.0 KB
│ └─ 🐍 workspace_bundle.py Python 376L · 12.6 KB
└─ 📝 SKILL.md Markdown 421L · 17.3 KB

Security Positives

✓ Full HTTPS/TLS implementation with bundled CA certificates and fallback chain
✓ SKILL.md is comprehensive and accurately describes all behavior
✓ Two-phase upload with mandatory user confirmation for workspace files (--bundle-only then --upload-only)
✓ PII scrubber is applied before workspace file upload with visible redaction statistics
✓ manifest.json tracks submitted/rejected sessions to prevent duplicate uploads
✓ No obfuscation, base64-encoded execution, or suspicious encoding patterns
✓ No credential harvesting from environment variables or sensitive paths like ~/.ssh or ~/.aws
✓ No reverse shell, C2, or data exfiltration to unknown IPs
✓ API key is user-specific (phone+SMS authentication) and stored locally only
✓ 401 responses automatically clear stored key and prompt re-authentication
✓ No curl|bash or direct shell command injection patterns found
✓ All dependencies are standard library (no third-party pip dependencies)
✓ openclaw gateway restart is declared in SKILL.md and necessary for config changes