b2b-sdr-agent 安全扫描报告 — 低风险 | ClawSafe

15 /100

b2b-sdr-agent

Open-source B2B AI SDR template with multi-channel sales, WhatsApp IP isolation, and remote server deployment

Legitimate B2B sales agent template with documented deployment capabilities. Critical IOC (curl|bash) is a standard NodeSource installer from a trusted official source, not malicious remote code execution.

技能名称b2b-sdr-agent

分析耗时48.7s

引擎pi

✓

可以安装

This skill is safe to use. The shell:WRITE capability is necessary for its documented remote server deployment purpose. No hidden credential harvesting or exfiltration observed.

安全发现 2 项

严重性	安全发现	位置
低危	SSH password in memory deploy.sh stores SSH_PASS in a temporary file created with python3 for sshpass. While the file has 0600 permissions and is shredded on exit, the plaintext password exists in memory. `echo -n "$SSH_PASS" > "$PW_FILE"` → Consider using SSH key-based authentication instead of password-based auth to avoid credential exposure in memory	`deploy/deploy.sh:76`
提示	WireGuard private key extraction ip-isolate.sh extracts WireGuard private key from WARP profile and writes it to /etc/suiwarp/. WireGuard private keys should remain protected. `WG_PK=$(grep PrivateKey "$PROF" \| awk '{print $3}')` → Ensure /etc/suiwarp/ has restricted permissions (chmod 700) and consider using a secrets manager	`deploy/ip-isolate.sh:136`

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:deploy section describes SSH-based remote deployment
文件系统	`WRITE`	`WRITE`	✓ 一致	Creates configs in /root/.openclaw and /root/.config
网络访问	`READ`	`READ`	✓ 一致	Jina AI API, ipinfo.io for IP detection
环境变量	`NONE`	`NONE`	—	No evidence of os.environ iteration or credential scanning

1 严重 1 高危 24 项发现

💀

严重危险命令危险 Shell 命令

curl -fsSL https://deb.nodesource.com/setup_22.x | bash

deploy/deploy.sh:160

📡

高危 IP 地址硬编码 IP 地址

1.1.1.1

README.md:333

🔗

中危外部 URL 外部 URL

https://memos-dashboard.openmem.net

ANTI-AMNESIA.md:36

🔗

中危外部 URL 外部 URL

https://api.openmem.net/v1

ANTI-AMNESIA.md:37

🔗

中危外部 URL 外部 URL

https://ai.pulseagent.io

ANTI-AMNESIA.md:790

🔗

中危外部 URL 外部 URL

https://openclaw.dev

README.ar.md:7

🔗

中危外部 URL 外部 URL

http://YOUR_SERVER_IP:18789/?token=YOUR_GATEWAY_TOKEN

README.md:239

🔗

中危外部 URL 外部 URL

https://1.1.1.1/

README.md:333

🔗

中危外部 URL 外部 URL

https://news.ycombinator.com/submit

SOCIAL-PUBLISH-PROMPTS.md:32

🔗

中危外部 URL 外部 URL

https://www.reddit.com/r/SaaS/submit

SOCIAL-PUBLISH-PROMPTS.md:62

🔗

中危外部 URL 外部 URL

https://www.reddit.com/r/sales/submit

SOCIAL-PUBLISH-PROMPTS.md:99

🔗

中危外部 URL 外部 URL

https://www.reddit.com/r/artificial/submit

SOCIAL-PUBLISH-PROMPTS.md:135

🔗

中危外部 URL 外部 URL

https://x.com/compose/post

SOCIAL-PUBLISH-PROMPTS.md:227

🔗

中危外部 URL 外部 URL

https://www.linkedin.com/feed/

SOCIAL-PUBLISH-PROMPTS.md:269

🔗

中危外部 URL 外部 URL

https://dev.to/new

SOCIAL-PUBLISH-PROMPTS.md:360

🔗

中危外部 URL 外部 URL

https://zhuanlan.zhihu.com/write

SOCIAL-PUBLISH-PROMPTS.md:431

🔗

中危外部 URL 外部 URL

https://www.producthunt.com/posts/new

SOCIAL-PUBLISH-PROMPTS.md:462

🔗

中危外部 URL 外部 URL

https://openclaw.dev/changelog

deploy/UPGRADE.md:13

🔗

中危外部 URL 外部 URL

https://deb.nodesource.com/setup_22.x

deploy/deploy.sh:160

🔗

中危外部 URL 外部 URL

https://ipinfo.io/ip

deploy/ip-isolate.sh:218

🔗

中危外部 URL 外部 URL

https://s.jina.ai/QUERY_URL_ENCODED

skills/lead-discovery/SKILL.md:37

🔗

中危外部 URL 外部 URL

https://r.jina.ai/https://target-company.com

skills/lead-discovery/SKILL.md:44

🔗

中危外部 URL 外部 URL

https://jina.ai/

skills/lead-discovery/SKILL.md:49

🔗

中危外部 URL 外部 URL

http://SERVER_IP:

workspace/TOOLS.md:31

目录结构

46 文件 · 310.8 KB · 7801 行

Markdown 33f · 5713L Shell 5f · 1036L JavaScript 4f · 675L HTML 1f · 220L JSON 3f · 157L

├─ ▾ 📁 deploy

│ ├─ 🔧 deploy.sh Shell 280L · 11.2 KB

│ ├─ 🔧 generate-config.sh Shell 197L · 5.6 KB

│ ├─ 🔧 ip-isolate.sh Shell 288L · 9.8 KB

│ ├─ 🔧 skill-profiles.sh Shell 109L · 3.4 KB

│ └─ 📝 UPGRADE.md Markdown 101L · 3.1 KB

├─ ▾ 📁 examples

│ ├─ ▾ 📁 electronics

│ │ ├─ 📝 IDENTITY.md Markdown 28L · 962 B

│ │ └─ 📝 USER.md Markdown 42L · 1.5 KB

│ ├─ ▾ 📁 heavy-vehicles

│ │ ├─ ▾ 📁 product-kb

│ │ │ └─ 📋 catalog.json JSON 51L · 1.5 KB

│ │ ├─ 📝 IDENTITY.md Markdown 29L · 1.0 KB

│ │ └─ 📝 USER.md Markdown 51L · 2.0 KB

│ └─ ▾ 📁 textiles

│ ├─ 📝 IDENTITY.md Markdown 28L · 1.0 KB

│ └─ 📝 USER.md Markdown 44L · 1.6 KB

├─ ▾ 📁 product-kb

│ ├─ ▾ 📁 products

│ │ └─ ▾ 📁 example-product

│ │ └─ 📋 info.json JSON 45L · 1.5 KB

│ ├─ ▾ 📁 scripts

│ │ └─ 📜 generate-pi.js JavaScript 105L · 3.1 KB

│ └─ 📋 catalog.json JSON 61L · 1.7 KB

├─ ▾ 📁 scripts

│ └─ 📜 proactive-summary.mjs JavaScript 167L · 5.7 KB

├─ ▾ 📁 skills

│ ├─ ▾ 📁 chroma-memory

│ │ ├─ 📜 chroma.mjs JavaScript 273L · 9.4 KB

│ │ └─ 📝 SKILL.md Markdown 60L · 2.1 KB

│ ├─ ▾ 📁 delivery-queue

│ │ ├─ 🔧 deliver.sh Shell 162L · 4.6 KB

│ │ └─ 📝 SKILL.md Markdown 47L · 1.4 KB

│ ├─ ▾ 📁 lead-discovery

│ │ └─ 📝 SKILL.md Markdown 120L · 3.8 KB

│ ├─ ▾ 📁 quotation-generator

│ │ └─ 📝 SKILL.md Markdown 53L · 1.8 KB

│ ├─ ▾ 📁 sdr-humanizer

│ │ └─ 📝 SKILL.md Markdown 64L · 2.4 KB

│ ├─ ▾ 📁 supermemory

│ │ ├─ 📝 SKILL.md Markdown 56L · 1.7 KB

│ │ └─ 📜 sm.mjs JavaScript 130L · 4.0 KB

│ └─ ▾ 📁 telegram-toolkit

│ └─ 📝 SKILL.md Markdown 185L · 6.5 KB

├─ ▾ 📁 workspace

│ ├─ 📝 AGENTS.md Markdown 203L · 9.6 KB

│ ├─ 📝 HEARTBEAT.md Markdown 96L · 4.0 KB

│ ├─ 📝 IDENTITY.md Markdown 31L · 1.1 KB

│ ├─ 📝 MEMORY.md Markdown 120L · 6.2 KB

│ ├─ 📝 SOUL.md Markdown 44L · 3.0 KB

│ ├─ 📝 TOOLS.md Markdown 144L · 5.9 KB

│ └─ 📝 USER.md Markdown 58L · 1.5 KB

├─ 📝 ANTI-AMNESIA.md Markdown 790L · 24.6 KB

├─ 📝 LAUNCH-CONTENT.md Markdown 509L · 27.4 KB

├─ 📝 README.ar.md Markdown 267L · 15.0 KB

├─ 📝 README.es.md Markdown 267L · 11.6 KB

├─ 📝 README.fr.md Markdown 272L · 11.6 KB

├─ 📝 README.ja.md Markdown 267L · 12.7 KB

├─ 📝 README.md Markdown 367L · 14.3 KB

├─ 📝 README.pt-BR.md Markdown 272L · 11.6 KB

├─ 📝 README.ru.md Markdown 267L · 16.7 KB

├─ 📝 README.zh-CN.md Markdown 257L · 10.0 KB

├─ 📝 SKILL.md Markdown 70L · 2.7 KB

├─ 📄 social-preview.html HTML 220L · 5.7 KB

└─ 📝 SOCIAL-PUBLISH-PROMPTS.md Markdown 504L · 23.2 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`wgcf`	`2.2.22`	GitHub releases	否	WireGuard Cloudflare WARP tool - binary download from ViRb3/wgcf
`wireproxy`	`1.0.9`	GitHub releases	否	SOCKS5 proxy built on WireGuard - binary from pufferffish/wireproxy

安全亮点

✓ No credential harvesting - no iteration through os.environ for API keys

✓ No data exfiltration - no network calls to unknown external IPs for stealing data

✓ No base64-encoded payloads or obfuscated code

✓ No reverse shell or C2 infrastructure detected

✓ Input validation present in deliver.sh (validate_channel, validate_recipient, validate_id, validate_delay)

✓ Path traversal protection in cancel command

✓ Security constraints documented in lead-discovery (blocked internal IPs, rate limits)

✓ API keys stay in config files and are not exfiltrated

✓ exec-approvals set to 'full' security mode in deploy.sh