Skill Trust Decision
openclaw-free-search
The code implements the claimed search functionality, but it has an undeclared shell execution capability (a curl fallback), so documentation and behavior diverge.
Most direct threat evidence
Why this conclusion was reached
1/4 dimensions flagged
Block · Declared vs actual capability · 1 undeclared or violating capability was inferred.
Review · Hidden execution and egress · 2 lower-risk artifacts were extracted and still need context.
Pass · Attack chain and severe findings · There is no explicit malicious chain in the report.
Review · Dependencies and supply chain hygiene · Dependency information is incomplete, so supply-chain confidence stays limited.
What drove the risk score up
Undeclared shell execution +25
Lines 27-31 of the code use execFileSync('curl') to run a command, but SKILL.md declares no shell execution capability.
Documentation-behavior discrepancy +10
SKILL.md only describes 'key-free search'; it does not explain the implementation or the fallback mechanism.
Most important evidence
Medium · Undeclared shell execution capability
When fetch fails, the code uses execFileSync to run a curl command. This is a shell:WRITE operation, but SKILL.md does not mention it at all.
search.js:27-31 · Add to SKILL.md a description of how network requests are made, covering both the fetch and the curl fallback mechanisms.
Low · Missing error-handling details
Error messages expose implementation details such as 'DuckDuckGo', which may leak internal tool information.
search.js:32 · Use a more generic error message.
Declared capability vs actual capability
Network · Pass · Declared READ → Inferred READ · SKILL.md:14 'search the web'
Shell · Block · Declared NONE → Inferred WRITE · search.js:27-31 execFileSync('curl', ...)
Suspicious artifacts and egress
Medium · External URL · https://yang1002378395-cmyk.github.io/openclaw-install-service/ · SKILL.md:45
Medium · External URL · https://api.duckduckgo.com/?q=$ · search.js:18
Dependencies and supply chain
There are no structured dependency warnings.
File composition
3 files · 129 lines
JavaScript · 1 file · 75 lines
Markdown · 1 file · 49 lines
JSON · 1 file · 5 lines
Files of concern · 2
search.js · Undeclared shell execution capability · Missing error-handling details · https://api.duckduckgo.com/?q=$
SKILL.md · https://yang1002378395-cmyk.github.io/openclaw-install-service/
Other files · _meta.json
Security positives
Functionality is relatively simple, with no complex attack chain
No credential harvesting, environment-variable enumeration or other sensitive operations
No external data transfer behavior
Uses the standard DuckDuckGo API, with no covert communication