openclaw-rp-plugin 安全扫描报告 — 可信 | ClawSafe

5 /100

openclaw-rp-plugin

SillyTavern-compatible roleplay plugin with character cards, long memory, multimodal output (TTS/image), and Generative-Agents-style companion

Legitimate roleplay plugin for OpenClaw with no malicious behavior. The base64 IOCs flagged in pre-scan are false positives - all represent standard file processing for SillyTavern character card imports.

技能名称openclaw-rp-plugin

分析耗时48.7s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ+WRITE`	`READ+WRITE`	✓ 一致	SKILL.md Configuration section declares ~/.openclaw/ config access
网络访问	`READ+WRITE`	`READ+WRITE`	✓ 一致	SKILL.md Core Capabilities declares TTS and image generation with external APIs
命令执行	`NONE`	`NONE`	—	No exec, spawn, or command execution found
数据库	`READ+WRITE`	`READ+WRITE`	✓ 一致	SKILL.md Long Memory section declares SQLite for session persistence
环境变量	`READ`	`READ`	✓ 一致	SKILL.md declares OPENCLAW_RP_LOCALE and OpenAI/Gemini env vars

5 严重 9 项发现

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(attachment.content, "base64"

src/core/commandRouter.js:100

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(match[2], "base64"

src/core/commandRouter.js:141

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(dataUrl.base64, "base64"

src/openclaw/register.js:148

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(resolved, "base64"

src/utils/attachments.js:16

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(encoded, "base64"

src/utils/png.js:34

🔗

中危外部 URL 外部 URL

https://arxiv.org/abs/2304.03442

README.md:7

🔗

中危外部 URL 外部 URL

https://example.local/audio.mp3

examples/smoke-run.js:26

🔗

中危外部 URL 外部 URL

https://example.local/image.png

examples/smoke-run.js:31

🔗

中危外部 URL 外部 URL

https://api.telegram.org

src/providers/attachmentResolvers.js:52

目录结构

70 文件 · 360.8 KB · 11857 行

JavaScript 61f · 10617L Markdown 7f · 1143L JSON 2f · 97L

├─ ▾ 📁 docs

│ ├─ 📝 ARCHITECTURE.md Markdown 176L · 5.9 KB

│ └─ 📝 ARCHITECTURE.zh-CN.md Markdown 175L · 5.6 KB

├─ ▾ 📁 examples

│ ├─ 📜 openclaw-rp-bootstrap.js JavaScript 59L · 1.5 KB

│ └─ 📜 smoke-run.js JavaScript 61L · 1.8 KB

├─ ▾ 📁 src

│ ├─ ▾ 📁 channels

│ │ └─ 📜 adapters.js JavaScript 119L · 2.7 KB

│ ├─ ▾ 📁 core

│ │ ├─ 📜 commandRouter.js JavaScript 1189L · 38.0 KB

│ │ ├─ 📜 defaultPreset.js JavaScript 98L · 3.0 KB

│ │ ├─ 📜 lorebookMatcher.js JavaScript 41L · 1.2 KB

│ │ ├─ 📜 modelConfigResolver.js JavaScript 87L · 2.5 KB

│ │ ├─ 📜 promptBuilder.js JavaScript 153L · 4.9 KB

│ │ ├─ 📜 rateLimiter.js JavaScript 20L · 558 B

│ │ ├─ 📜 retry.js JavaScript 42L · 974 B

│ │ ├─ 📜 sessionManager.js JavaScript 779L · 25.1 KB

│ │ └─ 📜 sessionMutex.js JavaScript 26L · 559 B

│ ├─ ▾ 📁 importers

│ │ ├─ 📜 cardImporter.js JavaScript 163L · 4.1 KB

│ │ ├─ 📜 lorebookImporter.js JavaScript 73L · 2.4 KB

│ │ └─ 📜 presetImporter.js JavaScript 84L · 2.4 KB

│ ├─ ▾ 📁 openclaw

│ │ ├─ 📜 agentImageTool.js JavaScript 172L · 5.5 KB

│ │ ├─ 📜 agentPersona.js JavaScript 164L · 5.3 KB

│ │ ├─ 📜 autoImage.js JavaScript 250L · 6.5 KB

│ │ ├─ 📜 i18n.js JavaScript 111L · 3.9 KB

│ │ ├─ 📜 nodeSqliteCompat.js JavaScript 51L · 956 B

│ │ └─ 📜 register.js JavaScript 2165L · 63.8 KB

│ ├─ ▾ 📁 providers

│ │ ├─ 📜 attachmentResolvers.js JavaScript 103L · 2.8 KB

│ │ ├─ 📜 gemini.js JavaScript 290L · 10.6 KB

│ │ └─ 📜 openaiCompatible.js JavaScript 267L · 7.1 KB

│ ├─ ▾ 📁 store

│ │ ├─ 📜 inMemoryStore.js JavaScript 479L · 15.1 KB

│ │ ├─ 📜 schema.js JavaScript 120L · 3.8 KB

│ │ └─ 📜 sqliteStore.js JavaScript 772L · 23.2 KB

│ ├─ ▾ 📁 utils

│ │ ├─ 📜 attachments.js JavaScript 68L · 1.5 KB

│ │ ├─ 📜 commandParser.js JavaScript 92L · 1.8 KB

│ │ ├─ 📜 id.js JavaScript 10L · 259 B

│ │ ├─ 📜 imageIntent.js JavaScript 221L · 6.2 KB

│ │ ├─ 📜 multilingualEmbedding.js JavaScript 139L · 3.6 KB

│ │ ├─ 📜 png.js JavaScript 52L · 1.7 KB

│ │ ├─ 📜 sessionKey.js JavaScript 15L · 542 B

│ │ ├─ 📜 textCleaner.js JavaScript 104L · 3.2 KB

│ │ ├─ 🔑 tiktokenEstimator.js ⚠ JavaScript 18L · 456 B

│ │ ├─ 📜 timeout.js JavaScript 21L · 539 B

│ │ └─ 🔑 tokenEstimator.js ⚠ JavaScript 16L · 482 B

│ ├─ 📜 errors.js JavaScript 35L · 691 B

│ ├─ 📜 index.js JavaScript 28L · 1.2 KB

│ ├─ 📜 openclawIntegration.js JavaScript 63L · 1.6 KB

│ ├─ 📜 plugin.js JavaScript 154L · 4.7 KB

│ └─ 📜 types.js JavaScript 50L · 1.3 KB

├─ ▾ 📁 tests

│ ├─ 📜 agentImageTool.test.js JavaScript 99L · 2.8 KB

│ ├─ 📜 agentPersona.test.js JavaScript 83L · 2.7 KB

│ ├─ 📜 attachmentResolvers.test.js JavaScript 86L · 2.2 KB

│ ├─ 📜 cardImporter.test.js JavaScript 58L · 1.4 KB

│ ├─ 📜 channelsAdapter.test.js JavaScript 59L · 1.6 KB

│ ├─ 📜 commandParser.test.js JavaScript 15L · 588 B

│ ├─ 📜 hooksAndPolicies.test.js JavaScript 331L · 9.7 KB

│ ├─ 📜 imageIntent.test.js JavaScript 84L · 2.4 KB

│ ├─ 📜 integrationHandlers.test.js JavaScript 135L · 3.5 KB

│ ├─ 📜 lorebookMatcher.test.js JavaScript 21L · 847 B

│ ├─ 📜 openaiCompatibleProvider.test.js JavaScript 124L · 3.4 KB

│ ├─ 📜 openclawAutoImage.test.js JavaScript 210L · 5.5 KB

│ ├─ 📜 pluginStoreSelection.test.js JavaScript 31L · 748 B

│ ├─ 📜 promptBuilder.test.js JavaScript 31L · 1.0 KB

│ ├─ 📜 ragMemory.test.js JavaScript 86L · 2.4 KB

│ ├─ 📜 routerFlow.test.js JavaScript 116L · 3.9 KB

│ ├─ 📜 textCleaner.test.js JavaScript 13L · 690 B

│ └─ 🔑 tokenEstimatorFactory.test.js ⚠ JavaScript 11L · 426 B

├─ 📝 CHANGELOG.md Markdown 47L · 3.6 KB

├─ 📝 CHANGELOG.zh.md Markdown 41L · 3.0 KB

├─ 📋 openclaw.plugin.json JSON 49L · 1.2 KB

├─ 📋 package.json JSON 48L · 1.5 KB

├─ 📝 README.md Markdown 263L · 9.1 KB

├─ 📝 README.zh.md Markdown 262L · 9.3 KB

└─ 📝 SKILL.md Markdown 179L · 6.3 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`better-sqlite3`	`^9.0.0`	npm	否	Optional peer dependency for SQLite persistence
`js-tiktoken`	`^1.0.0`	npm	否	Optional peer dependency for token counting
`openclaw`	`*`	npm	否	Plugin framework, optional peer dependency

安全亮点

✓ No shell execution or command injection patterns found

✓ No credential harvesting from environment variables

✓ No data exfiltration or suspicious network requests

✓ No reverse shell, C2, or command-and-control behavior

✓ All base64 operations are legitimate file processing for SillyTavern PNG character cards

✓ Dependencies are well-defined with proper version constraints

✓ Extensive documentation in SKILL.md matches actual implementation

✓ Clean architecture with proper error handling throughout

✓ No hidden HTML comments or obfuscated instructions

✓ Data URL parsing follows standard W3C format