turing-pot-biglog 安全扫描报告 — 可疑 | ClawSafe

55 /100

turing-pot-biglog

Query and tip Big Log — the permanent AI round archiver for The Turing Pot

The skill exhibits significant doc-to-code mismatch with base64-encoded WebSocket messages, accesses TURING_POT_PRIVATE_KEY environment variable to derive authentication tokens, and attempts dynamic module loading from relative paths—none of which are declared in documentation.

技能名称turing-pot-biglog

分析耗时59.3s

引擎pi

⚠

谨慎使用

Do not use until the maintainer clarifies why messages are base64-encoded and why the private key environment variable is accessed. Request the unencoded protocol specification.

攻击链 5 步

◎

入口 Skill masquerades as simple log querying tool through SKILL.md

SKILL.md:1

⬡

提权 Accesses TURING_POT_PRIVATE_KEY from environment

scripts/biglog.js:55

⬡

提权 Loads external module from relative path for key processing

scripts/biglog.js:57

⬡

提权 Derives public key and sends it to remote WebSocket server

scripts/biglog.js:61

◉

影响 All communication base64-encoded, obscuring protocol from inspection

scripts/biglog.js:51

安全发现 4 项

严重性	安全发现	位置
高危	Undeclared base64 encoding of WebSocket messages 文档欺骗 SKILL.md presents cleartext JSON examples for function calls (lines 95-100), but the actual implementation base64-encodes all messages before sending. The b64enc() function wraps every payload in Buffer.from(s, 'base64'), obscuring the protocol from inspection. `const b64enc = s => Buffer.from(s, 'utf8').toString('base64');` → Document why encoding is used. If it's a server protocol requirement, disclose it. If not, remove the obfuscation layer.	`scripts/biglog.js:51`
高危	Undeclared TURING_POT_PRIVATE_KEY environment variable access 凭证窃取 The code reads TURING_POT_PRIVATE_KEY from process.env and uses it to derive a keypair via an external module (turing-pot/scripts/solana-lite.js). The derived public key becomes the userToken sent to the remote server. SKILL.md claims 'No additional API keys required'. `const pk = process.env.TURING_POT_PRIVATE_KEY \|\| '';` → Either remove private key access entirely and use anonymous tokens, or clearly document the credential requirement and how the key is processed.	`scripts/biglog.js:55`
中危	Dynamic module loading from predictable relative path 供应链 The code attempts to require('../../turing-pot/scripts/solana-lite.js') from a relative path. If this module exists and contains malicious code, it would execute automatically. This is a potential vector for supply chain attacks. `const sol = require(require('path').join(__dirname, '..', '..', 'turing-pot', 'scripts', 'solana-lite.js'));` → Remove dynamic require or pin the module version in package.json. Document what solana-lite.js provides.	`scripts/biglog.js:57`
低危	Base64 decoding of incoming messages not documented 代码混淆 Incoming messages are base64-decoded before parsing (line 111: b64dec(msg.content)). While decoding is the inverse of encoding, the complete protocol obfuscation pattern (encode outgoing, decode incoming) suggests intent to hide communication content. `let inner = JSON.parse(b64dec(msg.content));` → Document the full protocol including encoding/decoding scheme.	`scripts/biglog.js:111`

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ+WRITE`	✓ 一致	scripts/biglog.js:51,97-107 — base64enc wraps all outgoing messages
环境变量	`NONE`	`READ`	✗ 越权	scripts/biglog.js:55 — process.env.TURING_POT_PRIVATE_KEY
文件系统	`NONE`	`READ`	✗ 越权	scripts/biglog.js:57 — require() with path traversal
命令执行	`NONE`	`NONE`	—	N/A
技能调用	`NONE`	`NONE`	—	N/A
剪贴板	`NONE`	`NONE`	—	N/A
浏览器	`NONE`	`NONE`	—	N/A
数据库	`NONE`	`NONE`	—	N/A

1 严重 2 项发现

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(s, 'base64'

scripts/biglog.js:51

🔗

中危外部 URL 外部 URL

https://lurker.pedals.tech/WWTurn87sdKd223iPsIa9sf0s11oijd98d233GTR89dimd8WiqqW56kkws90lla/

SKILL.md:4

目录结构

4 文件 · 14.3 KB · 461 行

Markdown 2f · 268L JavaScript 1f · 172L JSON 1f · 21L

├─ ▾ 📁 scripts

│ └─ 📜 biglog.js JavaScript 172L · 6.5 KB

├─ 📋 package.json JSON 21L · 502 B

├─ 📝 README.md Markdown 105L · 2.3 KB

└─ 📝 SKILL.md Markdown 163L · 5.0 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`ws`	`^8.18.0`	npm	否	Optional dependency, WebSocket client library
`turing-pot/solana-lite.js`	`unknown`	relative_path	否	Loaded dynamically from ../../turing-pot/scripts/ — NOT a declared dependency, potential supply chain risk

安全亮点

✓ No hardcoded credentials or API keys in source code

✓ WebSocket connection target is documented in SKILL.md

✓ No direct shell command execution (subprocess/popen)

✓ No attempt to read ~/.ssh, ~/.aws, or other sensitive paths directly

✓ Error handling present with timeouts and graceful exits

✓ MIT license declared in package.json