Low risk: risk score 15/100
Last scan: 19 hours ago
OneBot Message Sending (OneBot消息发送)
Sends QQ private or group messages through the OneBot HTTP API using local commands.
A straightforward OneBot QQ messaging skill with clear documentation, limited to localhost API calls with no hidden functionality.
Skill name: OneBot消息发送
Analysis time: 31.4s
Engine: pi
Verdict: can be installed
Skill is safe for use. Monitor for potential abuse via prompt injection attempting to send unauthorized messages.

Security findings (1)

Severity | Finding | Location
Low | Documentation Only Skill (category: document deception) | SKILL.md:1
Description: This skill contains only documentation/instructions with no executable code. Actual behavior depends on the calling AI agent's implementation of the documented curl commands.
Evidence (SKILL.md:1): # Skill: OneBot消息发送
Recommendation: Document this limitation clearly and ensure calling systems validate curl commands before execution.
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | NONE | | No filesystem access declared or observed
Network access | READ | READ | ✓ Consistent | HTTP POST to localhost OneBot API only
Command execution | WRITE | WRITE | ✓ Consistent | curl execution restricted to OneBot API commands only
Environment variables | NONE | NONE | | No environment variable access
External URLs (2 findings)

Severity | Category | URL | Location
Medium | External URL | http://127.0.0.1:5700/send_private_msg | SKILL.md:49
Medium | External URL | http://127.0.0.1:5700/send_group_msg | SKILL.md:58

Directory structure

2 files · 2.5 KB · 97 lines
Markdown: 1 file · 89 lines; JSON: 1 file · 8 lines
├─ _meta.json (JSON, 8 lines · 175 B)
└─ SKILL.md (Markdown, 89 lines · 2.3 KB)

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
curl | N/A | system binary | | External dependency not managed by skill

Security highlights

✓ All behavior explicitly documented in SKILL.md
✓ Network access restricted to localhost only (127.0.0.1)
✓ Explicit rule denying non-OneBot shell commands
✓ No credential harvesting or environment variable access
✓ No obfuscation or base64-encoded payloads
✓ No external IP connections or data exfiltration
✓ No sensitive file access (SSH, AWS, .env)
✓ Clear use case with no suspicious patterns