Suspicious - risk score 50/100
Last scanned: 1 day ago
promptbuddy
Smart prompt optimization tool - A prompt optimization skill that transforms user queries into structured prompts
Skill is documentation-only with no implementation files, yet declares execution of an external Python script that doesn't exist in the package, creating an unverified execution vector.
Skill name: promptbuddy
Analysis time: 41.0s
Engine: pi
Use with caution
Do not use until: (1) Implementation scripts are bundled and verifiable, (2) Script integrity is verified, (3) Permissions are explicitly declared, (4) The 'global forced execution' behavior is justified and documented.

Attack chain: 4 steps

Entry: User installs skill expecting prompt optimization
SKILL.md:1
Privilege escalation: Attacker places malicious script at ~/.openclaw/workspace/skills/promptbuddy/scripts/smart_engine.py
SKILL.md:8
Privilege escalation: Skill executes external Python script on every user input
SKILL.md:8
Impact: Malicious script can exfiltrate data, execute arbitrary code, or harvest credentials
~/.openclaw/workspace/skills/promptbuddy/scripts/smart_engine.py

Security findings: 4

Severity | Finding | Location
High
Missing Implementation Files (Documentation deception)
The skill declares execution of 'scripts/smart_engine.py' but this script does not exist in the package. Users install this skill expecting prompt optimization, but the actual behavior depends entirely on an external script at ~/.openclaw/workspace/skills/promptbuddy/scripts/smart_engine.py that could be replaced with arbitrary code.
cd ~/.openclaw/workspace/skills/promptbuddy && python3 scripts/smart_engine.py -f json
→ Either include the script in the package with integrity verification, or remove this skill until proper bundling is implemented.
SKILL.md:8
Medium
Undeclared Shell Execution (Privilege escalation)
The skill instructs the AI agent to execute shell commands (python3) without declaring shell:WRITE in any allowed-tools section. This is hidden functionality that operates outside the declared capability model.
cd ~/.openclaw/workspace/skills/promptbuddy && python3 scripts/smart_engine.py -f json "用户输入"
→ Declare shell:WRITE permission explicitly if shell execution is required, or remove the execution requirement.
SKILL.md:8
Medium
Hardcoded Framework Path Access (Sensitive access)
The skill references a specific framework installation path (~/.openclaw) without declaring filesystem access to this path. This path could contain sensitive configuration or user data.
~/.openclaw/workspace/skills/promptbuddy
→ Declare filesystem:READ permission for the required paths, or use a sandboxed execution environment.
SKILL.md:8
Low
No declared allowed-tools section (Documentation deception)
The SKILL.md lacks a standard 'allowed-tools' section that would declare required permissions. According to the capability model, this should map Bash to shell:WRITE.
--- name: promptbuddy
→ Add a proper allowed-tools declaration at the top of SKILL.md.
SKILL.md:1
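Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✓ Consistent | SKILL.md: Executes 'python3 scripts/smart_engine.py' without declaring shell:WRI…
Filesystem | NONE | READ | ✓ Consistent | SKILL.md: References ~/.openclaw/workspace/skills/promptbuddy path without permi…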

Directory structure

1 file · 5.1 KB · 145 lines
Markdown 1f · 145L
└─ 📝 SKILL.md Markdown 145L · 5.1 KB

Security highlights

✓ No malicious code directly present in the package
✓ No credential harvesting observed
✓ No network exfiltration detected in documentation
✓ No base64-encoded payloads or obfuscation techniques found