Suspicious — Risk score 40/100
Last scanned: 21 hours ago
interactive-infographic
AI automation drawing and complex information visualization tool based on ContextWeave
Skill contains hardcoded API key and undeclared data transmission with insufficient documentation about default credential usage.
Skill name: interactive-infographic
Analysis time: 40.2s
Engine: pi
Use with caution
Remove hardcoded fallback API key from source code. Add explicit documentation explaining when and how the default anonymous credential is used versus user-provided credentials.

Security findings: 3

Severity, security finding, location
Medium
Hardcoded fallback API key in source code [Credential theft]
The file cw_client.cjs contains a hardcoded fallback API key '94a05d02-9ade-4d9d-9f39-88734d9e34b4' which serves as a default anonymous credential when the environment variable is not set. This credential is sent with every request to the backend.
return key || "94a05d02-9ade-4d9d-9f39-88734d9e34b4";
→ Remove hardcoded fallback credentials from source code. If anonymous access is required, implement it server-side without embedding credentials in client code.
scripts/cw_client.cjs:14
Medium
Insufficient documentation of default credential behavior [Documentation deception]
SKILL.md mentions 'anonymous credential' in the security section but fails to specify that it is a hardcoded key embedded in source code. Users cannot make an informed decision about using this default versus providing their own key.
If not explicitly set, the built-in default anonymous credential will be used
→ Add explicit documentation specifying: (1) The exact default key value, (2) When this default is used, (3) Security implications of using anonymous credentials, (4) Why this is acceptable vs credential harvesting.
SKILL.md:120
Low
Non-obvious allowlisted domain [Sensitive access]
The host allowlist includes 'bpjwmsdb.com' which is not clearly related to the ContextWeave service. While the allowlist provides some protection, this domain warrants verification.
const allowlist = ["api.contextweave.site", "contextweave.site", "pptx.chenxitech.site", "bpjwmsdb.com"];
→ Verify bpjwmsdb.com is a legitimate service endpoint. If unrelated, remove from allowlist to reduce attack surface.
scripts/cw_client.cjs:38
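| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | WRITE | ✓ Consistent | cw_client.cjs:exportCode writes diagram.cw to target path |
| Network access | WRITE | WRITE | ✓ Consistent | postJson() makes HTTP POST to allowed hosts |
| Command execution | NONE | NONE | | No subprocess or exec calls found |
| Environment variables | READ | READ | ✓ Consistent | Reads CONTEXTWEAVE_MCP_API_KEY and CONTEXTWEAVE_EDITOR_PROTOCOL |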
2 findings
Medium: External URL
https://pptx.chenxitech.site
SKILL.md:177
Medium: External URL
https://api.contextweave.site
cwmcp_config.example.json:2

Directory structure

9 files · 26.8 KB · 794 lines
JavaScript 6f · 599L Markdown 1f · 180L JSON 2f · 15L
├─ 📁 scripts
│ ├─ 📜 cw_client.cjs JavaScript 268L · 8.8 KB
│ ├─ 📜 edit_contextweave.cjs JavaScript 72L · 1.8 KB
│ ├─ 📜 export_contextweave_code.cjs JavaScript 47L · 1.1 KB
│ ├─ 📜 export_session_asset.cjs JavaScript 74L · 1.9 KB
│ ├─ 📜 generate_contextweave.cjs JavaScript 93L · 2.4 KB
│ └─ 📜 import_contextweave_code.cjs JavaScript 45L · 1.1 KB
├─ 📋 _meta.json JSON 11L · 208 B
├─ 📋 cwmcp_config.example.json JSON 4L · 82 B
└─ 📝 SKILL.md Markdown 180L · 9.3 KB

Security highlights

✓ No shell execution or subprocess calls found - skill uses only Node.js standard library
✓ Path traversal protection implemented with CWD validation and absolute path requirements
✓ Host allowlist restricts network requests to known domains only
✓ No obfuscation techniques (no base64, eval, or encoded strings)
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)
✓ No credential harvesting beyond declared environment variable
✓ Explicit JSON output format reduces prompt injection risk